Red Hat Bugzilla – Bug 429552
CVE-2008-0404 mantis: XSS via "Most Active" on "Summary" screen
Last modified: 2009-10-23 15:06:18 EDT
Description of problem:
HTML tags are reportedly not escaped properly in the "Most Active" section on
the "Summary" screen even if HTML tags are disabled via g_html_valid_tags, which
makes it possible to conduct a cross-site scripting attack.
Original report: http://bugs.mantisbt.org/view.php?id=8756
A CVE name for this issue was requested.
mantis-1.1.1-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
mantis-1.1.1-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
I guess this could be closed?
Fixed in upstream version 1.1.1.
This issue was addressed in:
Reporter changed to firstname.lastname@example.org by request of Jay Turner.