0017876: CVE-2014-9281: Reflected XSS in admin panel / copy_field.php - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0017876	mantisbt	security	public	2014-11-14 19:32	2014-12-05 18:33

Reporter	avlidienbrunn	Assigned To	dregad
Priority	high	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	1.2.17
Target Version	1.2.18	Fixed in Version	1.2.18

Summary	0017876: CVE-2014-9281: Reflected XSS in admin panel / copy_field.php
Description	PoC: [MantisBT]/admin/copy_field.php?source_id=1&dest_id=<script>alert(1)</script>
Additional Information	Originally reported under point 5. in 0017362
Tags	No tags attached.

dregad 2014-11-23 18:42 developer ~0041890	Edited description: the original report referenced test_langs.php, but that page does not use any parameters.

dregad 2014-12-01 02:28 developer ~0041951	CVE request sent http://thread.gmane.org/gmane.comp.security.oss.general/14956

dregad 2014-12-05 03:04 developer ~0041976	Comment from MITRE: Issues 0017876 and 0017874 are MERGED into the same CVE ID because they are the same type of issue, affecting the same versions, disclosed at the same time, and found by the same person.

dregad 2014-12-05 15:32 developer ~0041982	MITRE changed the CVE ID following grangeway's comment http://thread.gmane.org/gmane.comp.security.oss.general/14956/focus=15013

MantisBT: master-1.2.x e5fc835a 2014-10-30 15:29 Paul Richards Committer: dregad Details Diff	Fix 0017876: XSS in copy_field.php This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [1]. [1] http://www.offensive-security.com/bug-bounty-program/ Signed-off-by: Damien Regad <dregad@mantisbt.org>		Affected Issues 0017876
	mod - admin/copy_field.php		Diff File