oss-sec mailing list archives
Re: CVE Request: XSS vulnerability in MantisBT 1.2.13
From: cve-assign () mitre org
Date: Wed, 19 Nov 2014 18:13:01 -0500 (EST)
The MantisBT Configuration Report page (adm_config_report.php) did not escape a parameter before displaying it on the page, allowing an attacker to execute arbitrary JavaScript code. The severity of this issue is mitigated by the need to have a high-privileged account (by default, administrator) to access the configuration report page.
in the "set configuration" box
https://github.com/mantisbt/mantisbt/commit/49c3d0893091fb1bb6b92639e59a72203be0bc4a
http://www.mantisbt.org/bugs/view.php?id=17870
Use CVE-2014-8987.
--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]