oss-sec mailing list archives

CVE Request: XSS vulnerability in MantisBT 1.2.13

From: Damien Regad <dregad () mantisbt org>
Date: Fri, 14 Nov 2014 23:29:53 +0100

Please assign a CVE ID for the following issue.

Description:

The MantisBT Configuration Report page (adm_config_report.php) did notescape a parameter before displaying it on the page, allowing anattacker to execute arbitrary JavaScript code.

The severity of this issue is mitigated by the need to have ahigh-privileged account (by default, administrator) to access theconfiguration report page.


Affected versions:
>= 1.2.13, <= 1.2.17

Fixed in versions:
1.2.18 (not yet released)

Patch:
See Github [1]

Credit:

Issue was discovered by Alejo Popovici and fixed by Damien Regad(MantisBT Developer)


References:
Further details available in our issue tracker [2]


D. Regad
MantisBT Developer
http://www.mantisbt.org


[1] http://github.com/mantisbt/mantisbt/commit/ee8100d6
[2] http://www.mantisbt.org/bugs/view.php?id=17870

Current thread:

CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 14)
- RE: CVE Request: XSS vulnerability in MantisBT 1.2.13 P Richards (Nov 14)
  - Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 15)
    - Re: Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Paul Richards (Nov 15)
    - Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 15)
    - Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 19)
  - Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 cve-assign (Nov 19)
    - Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 22)
- Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 cve-assign (Nov 19)