oss-sec mailing list archives

Re: CVE request: Attachment XSS in mantis < 1.2.2


From: Josh Bressers <bressers () redhat com>
Date: Tue, 3 Aug 2010 16:01:47 -0400 (EDT)

Please use CVE-2010-2802

Thanks.

-- 
    JB


----- "Hanno Böck" <hanno () hboeck de> wrote:

http://www.mantisbt.org/bugs/view.php?id=11952
http://www.mantisbt.org/blog/?p=113

Issue #11952 covers a security fix to the display of inline attachments,
where “Arbitrary inline attachment rendering could lead to cross-domain
scripting or other browser attacks”.

-- 
Hanno Böck            Blog:           http://www.hboeck.de/
GPG: 3DBD3B20         Jabber/Mail:    hanno () hboeck de

http://schokokeks.org - professional webhosting

