oss-sec mailing list archives
Re: CVE Request: Multiple XSS vulnerabilities in MantisBT
From: Paul Richards <paul () mantisforge org>
Date: Fri, 5 Dec 2014 09:30:13 +0000
Hello Mitre,

I believe your current analysis is incorrect, and that Damien's attribution is incorrect.

Issue 17816 regarding copy fields - http://www.mantisbt.org/bugs/view.php?id=17876 is a duplicate of 17362.

The report in issue 17362 referred to a security issue in

"5. Reflected XSS in admin panel:
PoC: [MantisBT]/admin/test_langs.php?dest_id=<script>alert(1)</script>"

At that point my response was

"In terms of number 5 - are you sure you meant test_langs.php? In 1.3-master, there's an issue within copy_field.php of doing something similar of:
admin/copy_field.php?source_id=1&dest_id="></a><script>alert()</script><b style=""
as I was already aware of an issue within copy_field.php I should be able to supply a report confirming this later on.

The security researcher then came back and stated that he had indeed made an error in his report and he did not mean test_langs.php.

In this case, the line:

"Credit: Issue was reported by Mathias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [7]. It was fixed by Paul Richards."

is incorrect, as the issue was identified by myself initially, then subsequently identified (incorrectly) in the initial bug report.

As I need to be able to do a security bulletin regarding my find for the XSS within copy_field.php, can you please tell me what CVE identifier to use for this and ensure proper attribution?

Thanks in Advance
Paul

On Thu, Dec 4, 2014 at 6:20 PM, <cve-assign () mitre org> wrote:
1. XSS in extended project browser
[1] http://github.com/mantisbt/mantisbt/commit/511564cc
[2] http://www.mantisbt.org/bugs/view.php?id=17890

Use CVE-2014-9269.

2. XSS in projax_api.php
[3] http://github.com/mantisbt/mantisbt/commit/0bff06ec
[4] http://www.mantisbt.org/bugs/view.php?id=17583

Use CVE-2014-9270.

3. XSS in admin panel / copy_field.php
[5] http://github.com/mantisbt/mantisbt/commit/e5fc835a
[6] http://www.mantisbt.org/bugs/view.php?id=17876

Use CVE-2014-9271. Issues 3 and 5 are MERGED into the same CVE ID because they are the same type of issue, affecting the same versions, disclosed at the same time, and found by the same person.

4. XSS in string_insert_hrefs()
[8] http://github.com/mantisbt/mantisbt/commit/05378e00
[9] http://www.mantisbt.org/bugs/view.php?id=17297

Use CVE-2014-9272.

5. XSS in file uploads
[10] http://github.com/mantisbt/mantisbt/commit/9fb8cf36f
[11] http://www.mantisbt.org/bugs/view.php?id=17874

Use CVE-2014-9271. Issues 3 and 5 are MERGED into the same CVE ID because they are the same type of issue, affecting the same versions, disclosed at the same time, and found by the same person.