FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mantis -- "view_filters_page.php" cross-site scripting vulnerability

Affected packages
mantis < 1.0.0rc4

Details

VuXML ID 6e3b12e2-6ce3-11da-b90c-000e0c2e438a
Discovery 2005-12-13
Entry 2005-12-14

r0t reports:

Mantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to "target_field" parameter in "view_filters_page.php" isn't properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[source]

References

Bugtraq ID 15842
URL http://pridels.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.