Hi Sils,
Thank you for debugging this issue further and discovering the
additional problem with form_action_self().
On Mon, 2011-09-05 at 15:14 +0200, sils wrote:
> The XSS injection continues to be produced, because of the function
> "form_action_self". This function is used to generate a form act
Package: mantis
Version: 1.2.6-1
Severity: critical
Tags: security patch upstream fixed-upstream
Hi Sils and others,
Thank you for the quick response to bug #638321 (search.php multiple XSS
vulnerabilities in http://www.openwall.com/lists/oss-security/2011/09/04/1
[2] http://www.mantisbt.org/bugs
Package: mantis
Version: 1.2.4-3
Severity: critical
Tags: security patch upstream fixed-upstream
Original vulnerability report by Net.Edit0r (net.edi...@att.net) from
BlACK Hat Group [http://black-hg.org] is available at:
http://packetstormsecurity.org/files/104149
MantisBT bug report for full de
Hi Olivier,
Thank you for the response.
On Wed, 2010-12-15 at 09:13 +0100, Olivier Berger wrote:
> AFAICT, Debian installations may not be vulnerable as the admin/ dir is
> protected in principle by the Apache configuration of the package :
This is good/recommended practice so this bug will pro
Package: mantis
Version: 1.1.6+dfsg-2lenny4
Severity: critical
Tags: security patch upstream fixed-upstream
The MantisBT project was notified by Gjoko Krstic of Zero Science Lab
(gj...@zeroscience.mk) of multiple vulnerabilities affecting MantisBT
<1.2.4.
The two following advisories have been re
5 matches