MantisBT

ID: 0005682
Project: ATutor
Category: - no cat -
View Status: public
Date Submitted: 2016-05-12 15:45
Last Update: 2016-07-11 13:03
Reporter: Soufiane Rouas
Assigned To: greg
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version:
Target Version: 2.2.2
Fixed in Version: 2.2.2
Summary: 0005682: Create folder XSS
Description:
Hello,
I have done the steps below:
- first step:
  I logged in as a demo user
- second step:
  I jumped to the URL: https://demo.atutorspaces.com/mods/_core/editor/edit_content_folder.php?
- third step:
  I injected a script code, then I realized that your demo website is vulnerable to a stored XSS; attached you will find some screenshots.
Tags: No tags attached.
Affects version: SVN
SVN Revision#: 02757e2..73eea7d master -> master
Attached Files

- Relationships

-  Notes
(0007400)
greg (administrator)
2016-06-14 19:51

filter folder titles for scripts and other bad things
(0007438)
greg (administrator)
2016-06-30 17:43

Close for 2.2.2

- Related Changesets
ATutor: master 73eea7d8
Timestamp: 2016-06-14 19:50:10
Author: greg
5682 filter folder titles for scripts and other bad things
mod - mods/_core/editor/edit_content_folder.php

- Issue History
Date Modified | Username | Field | Change
2016-05-12 15:45 | greg | New Issue |
2016-05-12 15:45 | greg | Status | new => assigned
2016-05-12 15:45 | greg | Assigned To | => greg
2016-06-14 19:51 | greg | SVN Revision# | => 02757e2..73eea7d master -> master
2016-06-14 19:51 | greg | Note Added: 0007400 |
2016-06-14 19:51 | greg | Status | assigned => resolved
2016-06-14 19:51 | greg | Fixed in Version | => 2.2.2
2016-06-14 19:51 | greg | Resolution | open => fixed
2016-06-17 18:24 | greg | Changeset attached | => ATutor master 73eea7d8
2016-06-30 17:43 | greg | Note Added: 0007438 |
2016-06-30 17:43 | greg | Status | resolved => closed
2016-07-11 13:03 | greg | Reporter | greg => Soufiane Rouas

