oss-sec mailing list archives
CVE request: Attachment XSS in mantis < 1.2.2
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 3 Aug 2010 01:15:23 +0200
http://www.mantisbt.org/bugs/view.php?id=11952 http://www.mantisbt.org/blog/?p=113 Issue #11952 covers a security fix to the display of inline attachments, where “Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks”. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de http://schokokeks.org - professional webhosting
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE request: Attachment XSS in mantis < 1.2.2 Hanno Böck (Aug 02)
- Re: CVE request: Attachment XSS in mantis < 1.2.2 Josh Bressers (Aug 03)