Hi Thijs,
* Thijs Kinkhorst <[EMAIL PROTECTED]> [2008-01-23 14:23]:
> > CVE-2008-0404[0]:
> > | Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows
> > | remote attackers to inject arbitrary web script or HTML via the "Most
> > | active bugs" summary.
> >
> >
> > You can find a patch for this on:
> > http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/trunk/mantisbt/core/summary_api.php?r1=4848&r2=4897&view=patch
>
> Could you check out the status of this in sarge? If it applies to sarge
> as well, then maybe we can issue a new DSA fixing this and the regressions
> in one go.

The code looks totally different. Some experienced webapps guy should check this.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.