Summary
This host is installed with MantisBT and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow attackers to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Impact Level: Application
Solution
Upgrade to MantisBT version 1.2.18 or later.
For updates refer to http://www.mantisbt.org/download.php
Insight
The flaw exists as the adm_config_report.php script does not validate input when handling the config file option before returning it to users.
Affected
MantisBT version 1.2.13 through 1.2.17
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
Severity
Classification
- CVE: CVE-2014-8986
- CVSS Base Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)