oss-sec mailing list archives
Re: MantisBT: XSS in view_all_bug_page.php
From: cve-assign () mitre org
Date: Wed, 17 Aug 2016 23:40:04 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
An XSS vulnerability was discovered in MantisBT's Filter API, affecting the View Issues page. It is caused by unescaped output of the 'view_type' GPC parameter, and can be exploited as follows: /mantis/view_all_bug_page.php?view_type=[XSS] To resolve the issue, the parameter's value is sanitized prior to being stored in the filter, ensuring only authorized values 'simple' and 'advanced' are saved, and subsequently printed on the hidden form field. https://github.com/mantisbt/mantisbt/commit/7086c2d8b4b20ac14013b36761ac04f0abf21a4e https://mantisbt.org/bugs/view.php?id=21611
Use CVE-2016-6837. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXtSbhAAoJEHb/MwWLVhi2y/sQAI4Zgb9yzisnCQlPnBFtPALu nSl9WntQBBBKSS/7EIv+4OntPTRF69ngqgLFSZRNBB8OAbOYxqhuxNKjx2O/t9HL 3amuDNatrIQdvjd9dpd0yD23lIRRB3i7Zq+DzAPsEO2MwazQBtyHKTIGmmcYpGv9 UsZ0Vw+jD3l16Z/9DfZINu+pBuUO0k7/zKlpQ4v2RRjq4J6RGrGMbR+lY4nP7sxm asQ5Mk9vz/Whpk7hAfYcAvSw2qb+K9bgTiLZ3HF/97kQCUTA+8VrCpVO8EG4k6Rz o+8jK2tZi3lRPlmzYIeVe+b3gLuyTvuYSNV1WbQllnjtU4NNaqgcXm3BxTEKmAqj IYo8OcZql1KDiVscDw8xuUTtPFmAqTtstUOh44DIVgzO0l4Rlz6PIF1kZ5IT8eFo d0YuCIrAOXSupfVASpffuHGNKwBniF+AoQYFAdG26XKIBDmir7y4vZIx/OPH257d sXTdJkzVhZuyQJWjVlOsV9tGIh/VkR/VO0vXj5Q02k//7AtmeLUf/utMVhNCOA0c MDxQatjIDh+eDfEFDlLY/FkeduHb2aJI9QiI1QRayE01C6+tJUo26mhGcqf0O7Wa Jgfd78fEaquju9kZ8TaR6qKVsABvEQWAesxVjfnrg5mk54rzbr09t3sqyVPpwNwy 5ROx1/qpuWT03S5xW/PG =mmRp -----END PGP SIGNATURE-----
Current thread:
- MantisBT: XSS in view_all_bug_page.php Damien Regad (Aug 17)
- Re: MantisBT: XSS in view_all_bug_page.php cve-assign (Aug 17)