Mantis Multiple HTML Injection Vulnerabilities Network Vulnerability

Summary

Mantis is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie- based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Versions prior to Mantis 1.2.3 vulnerable.

Solution

The vendor released an update. Please see the references for more information.

References

http://www.mantisbt.org/
http://www.mantisbt.org/bugs/changelog_page.php?version_id=111
https://www.securityfocus.com/bid/43224

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
@Mail 'MailType' Parameter Cross Site Scripting Vulnerability
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities

Take action and discover your vulnerabilities