Description of problem:
HTML tags are reportedly not escaped properly in "Most Active" section on "Summary" screen even if HTML tags are disabled via g_html_valid_tags, which makes it possible to conduct a cross-site scripting attack.

Additional info:
Original report: http://bugs.mantisbt.org/view.php?id=8756
CVE name for this issue was requested.
mantis-1.1.1-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
mantis-1.1.1-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
I guess this could be closed?
Fixed in upstream version 1.1.1.
This issue was addressed in:

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2008-0796
  https://admin.fedoraproject.org/updates/F8/FEDORA-2008-0856
Reporter changed to security-response-team by request of Jay Turner.