View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0019384 | mantisbt | security | public | 2015-02-19 12:17 | 2015-03-25 17:50 |
Reporter | TWSpiders | Assigned To | atrol | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | no change required | ||
Product Version | 1.2.18 | ||||
Summary | 0019384: Multiple Cross-Site Scripting Vulnerabilities | ||||
Description | Finding 1: Cross-Site Scripting Vulnerability in 'permalink_page.php' page. The /permalink_page.php page 'url' parameter in MantisBT is vulnerable to a cross-site scripting vulnerability when JavaScript is supplied via GET or POST request. Finding 2: Cross-Site Scripting Vulnerability in 'adm_config_report.php' page. The /adm_config_report.php page 'filter_config_id' parameter in MantisBT is vulnerable to a cross-site scripting vulnerability when JavaScript is supplied via GET or POST request. | ||||
Steps To Reproduce | Finding 1: Cross-Site Scripting Vulnerability in 'permalink_page.php' page #Request: Finding 2: Cross-Site Scripting Vulnerability in 'adm_config_report.php' page #Request: save=1&filter_user_id=0&filter_project_id=0&filter_config_id=view_handler_threshold'/><script>alert("XSS")</script>&apply_filter_button=Apply+Filter It’s possible to inject 'view_handler_threshold'/><script>alert("XSS")</script>' into parameter 'filter_config_id's value, which will be executed when the page loads in the user's browser. | ||||
Tags | No tags attached. | ||||
Attached Files | |||||
related to | 0011260 | closed | dhx | Attribute/XSS injection in permalink_page.php |
related to | 0019301 | closed | dregad | CVE-2015-2046 : XSS in adm_config_report.php (FG-VD-15-008) |
related to | 0017648 | closed | dregad | CVE-2014-6316: URL redirection issue |
related to | 0019493 | closed | dregad | CVE-2014-9701: XSS vulnerability in permalink_page.php |
|
TWSpiders, do you agree that we can close the issue as your Finding 1 is fixed in latest stable version 1.2.19 (fixed since 1.2.18) and your Finding 2 is fixed in nightly builds of stable branch and will be fixed in next stable 1.2.20? |
|
Thanks. Yes, please close the ticket. |
|
Can you advise if you will be requesting a CVE for these findings? |
|
@TWSpiders you will find the CVE numbers in the related (duplicate) issues, see the Relationships section above. |
|
Can you point me to the CVE for finding 1? I do not see a CVE requested for this finding. Thanks! |
|
TWSpiders, is there a special reason that you post private notes? Your finding 1 has been resolved in version 1.2.18 since the fix of bug 0017648, CVE-2014-6316. If you want to have your own CVE for it, you can open a new issue for version 1.2.17, set it to resolved in version 1.2.18 and request a new CVE. For future reports: Please do not report more than one finding in one issue, as it makes it hard to follow up and impossible to assign 1:1 CVEs to issue IDs. |
|
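
The attribute breakout reported in Finding 2, shown next to an encoded form of the same output. This is an added example, not MantisBT code and not part of the original issue: the function names, the single-quoted `<input>` markup and the identifier-shaped allowlist are assumptions made for illustration, and the sample value is the one quoted in Steps To Reproduce.

```php
<?php
// Added illustration; hypothetical helpers, not taken from MantisBT.

// Constructed sample input: the filter_config_id value quoted in the report.
$payload = "view_handler_threshold'/><script>alert(\"XSS\")</script>";

// Vulnerable pattern: request data concatenated into a single-quoted
// attribute, so a quote in the value ends the attribute and the tag.
function render_filter_unsafe(string $config_id): string {
    return "<input type='text' name='filter_config_id' value='" . $config_id . "'/>";
}

// Hardened pattern: encode for the HTML attribute context.
// ENT_QUOTES encodes both ' and ", so the value cannot close the attribute;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function render_filter_safe(string $config_id): string {
    $encoded = htmlspecialchars($config_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='text' name='filter_config_id' value='" . $encoded . "'/>";
}

// Defence in depth: accept only identifier-shaped values.
// The allowed character set and length are assumptions for this example.
function is_valid_config_id(string $config_id): bool {
    return preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $config_id) === 1;
}

$unsafe = render_filter_unsafe($payload);
$safe   = render_filter_safe($payload);

// Report whether each rendering still contains a literal <script> element
// and whether the allowlist accepts the reported value and a plain option name.
printf("unsafe contains <script>: %s\n", var_export(strpos($unsafe, '<script>') !== false, true));
printf("safe contains <script>:   %s\n", var_export(strpos($safe, '<script>') !== false, true));
printf("payload passes allowlist: %s\n", var_export(is_valid_config_id($payload), true));
printf("plain id passes allowlist: %s\n", var_export(is_valid_config_id('view_handler_threshold'), true));
echo $safe, PHP_EOL;
```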