Vendor: Mantis
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 79 (Cross-Site Scripting)
Product Name: Mantis
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE:
CPE: a:mantisbt:mantis
Metasploit:
Other Scripts:
Platforms Tested:
2004

Cross-Site Scripting Vulnerabilities in Mantis

Mantis, a web-based bug tracking system, is affected by cross-site scripting vulnerabilities. These vulnerabilities arise from a lack of proper sanitization of user-supplied URI input. A remote attacker can exploit these vulnerabilities by creating a malicious URI link containing hostile HTML and script code. When the victim user follows this link, the malicious code can execute in their web browser, potentially leading to theft of authentication credentials or other attacks.

Mitigation:

Upgrade to the CVS version of Mantis released on 1 Aug 2004 or later. Implement proper input sanitization and validation to mitigate the risk of cross-site scripting vulnerabilities.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10994/info

Mantis is a web-based bug tracking system. It is written in PHP and supported by a MySQL database.

It is reported that Mantis is affected by cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.

These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.

These vulnerabilities are reported to be fixed in the CVS version of Mantis as of 1 Aug 2004. 

http://www.example.com/login_page.php?return=[XSS]
http://www.example.com/signup.php?username=user&email=[XSS]
http://www.example.com/login_select_proj_page.php?ref=[XSS]
http://www.example.com/login_select_proj_page.php?ref=%22%3E[XSS]
http://www.example.com/view_all_set.php?type=1&reporter_id=5031&hide_status=80<script>alert('hi')</script>
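
A log check for the request patterns listed above, added here as an example and not part of the original advisory or of Mantis: it flags access-log lines in which one of the parameters marked in the example URIs carries HTML metacharacters, including double-encoded ones. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint -> parameters the advisory's example URIs mark as injection points.
WATCHED = {
    "/login_page.php": {"return"},
    "/signup.php": {"email"},
    "/login_select_proj_page.php": {"ref"},
    "/view_all_set.php": {"hide_status"},
}
# Characters that let a reflected value break out of an HTML attribute or text node.
MARKUP = re.compile(r"[<>\"']")
# Request field of a common/combined-format access-log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <), bounded to `rounds`."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return sorted (path, parameter) pairs in one log line whose value carries markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    try:
        url = urlsplit(match.group(1))
    except ValueError:  # malformed request target
        return []
    return sorted({
        (url.path, name)
        for name, value in parse_qsl(url.query, keep_blank_values=True)
        if name in WATCHED.get(url.path, ()) and MARKUP.search(decode_fully(value))
    })


# Constructed sample lines (192.0.2.0/24 is a documentation address range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2004:10:00:00 +0000] "GET /login_page.php?return=index.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Aug/2004:10:00:05 +0000] "GET /login_select_proj_page.php?ref=%22%3E%3Cb%3E HTTP/1.1" 200 640',
    '192.0.2.12 - - [01/Aug/2004:10:00:09 +0000] "GET /signup.php?username=user&email=%253Cb%253E HTTP/1.1" 200 700',
]
```

Apostrophes can legitimately appear in e-mail addresses, so hits on `email` are candidates for review rather than proof of an injection attempt.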