oss-sec mailing list archives

CVE request: XSS in MantisBT

From: Damien Regad <dregad () mantisbt org>
Date: Mon, 09 Feb 2015 22:37:02 +0100

Greetings,

Please assign a CVE ID for the following issue

Description:

The MantisBT Configuration Report (adm_config_report.php) did notproperly sanitize the form variables used when saving a filter, allowingan attacker to embed JavaScript code which would be executed in theclient's browser when displaying the page.


Affected versions:
- >= 1.2.13
- 1.3.0-beta.1

Fixed in versions:
- 1.2.20 (not yet released)
- 1.3.0-beta.2 (not yet released)

Patch:
See Github [1]

Credit:

This vulnerability was discovered by Fortinet's FortiGuard Labs(reference FG-VD-15-008 [2])

The issue was fixed by Damien Regad (MantisBT Developer).

References:

Further details will be available in our issue tracker [2] once thisgoes public.


[1] https://github.com/mantisbt/mantisbt/commit/6defeed5 (1.2.x)
    https://github.com/mantisbt/mantisbt/commit/3c6f6e56 (1.3.x)
[2] http://www.fortiguard.com/advisory/UpcomingAdvisories.html
[3] https://www.mantisbt.org/bugs/view.php?id=19301

Current thread:

CVE request: XSS in MantisBT Damien Regad (Feb 09)
- RE: CVE request: XSS in MantisBT P Richards (Feb 09)
  - Re: CVE request: XSS in MantisBT Damien Regad (Feb 13)
    - RE: Re: CVE request: XSS in MantisBT P Richards (Feb 13)
    - Re: CVE request: XSS in MantisBT Damien Regad (Feb 16)
    - RE: Re: CVE request: XSS in MantisBT P Richards (Feb 16)
    - Re: CVE request: XSS in MantisBT Damien Regad (Feb 16)
- Re: CVE request: XSS in MantisBT cve-assign (Feb 20)
  - RE: CVE request: XSS in MantisBT P Richards (Feb 21)
    - Re: CVE request: XSS in MantisBT cve-assign (Feb 21)