FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mantis -- "view_filters_page.php" cross site scripting vulnerability

Affected packages
mantis < 1.0.0a4

Details

VuXML ID: 592815da-9eed-11da-b410-000e0c2e438a
Discovery: 2005-12-13
Entry: 2006-02-16

r0t reports:

Mantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to the "target_field" parameter in "view_filters_page.php" is not properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
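
A defender-side check for the pattern the report describes, as an added example that is not part of the VuXML entry or of Mantis: it scans web access log lines for requests to view_filters_page.php whose target_field value, after URL decoding, falls outside an allowlist. The allowlist (a plain form-field identifier), the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: a legitimate target_field value is a plain form-field identifier.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_\[\]]*$")
# Request line as it appears in a common/combined-format access log.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_target_field(log_line):
    """Return the decoded target_field value if it is outside the allowlist, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/view_filters_page.php"):
        return None
    for value in parse_qs(url.query, keep_blank_values=True).get("target_field", []):
        # parse_qs has decoded once; decode again so double-encoded input is seen.
        decoded = value
        for _ in range(2):
            decoded = unquote(decoded)
        if not SAFE_VALUE.match(decoded):
            return decoded
    return None

def scan(lines):
    """Return (client address, decoded value) for every flagged request."""
    hits = []
    for line in lines:
        value = suspicious_target_field(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample log lines (documentation addresses, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Dec/2005:10:00:01 +0000] "GET /mantis/view_filters_page.php?target_field=status_field HTTP/1.1" 200 5120',
    '192.0.2.44 - - [13/Dec/2005:10:02:17 +0000] "GET /mantis/view_filters_page.php?target_field=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5133',
    '192.0.2.44 - - [13/Dec/2005:10:02:40 +0000] "GET /mantis/view_filters_page.php?target_field=%253Cb%253Ex HTTP/1.1" 200 5127',
    '192.0.2.77 - - [13/Dec/2005:10:05:00 +0000] "GET /mantis/view_all_bug_page.php?target_field=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client}: unexpected target_field value {value!r}")
```

A hit only shows that markup reached the parameter; upgrading to an unaffected version (1.0.0a4 or later, per the affected range above) is what removes the flaw.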

References

CVE Name: CAN-2005-4238
URL: http://pridels.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html