MantisBT Multiple Local File Include and Cross Site Scripting Vulnerabilities

Summary
This host is running MantisBT and is prone to multiple local file include and cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct cross-site scripting attacks and disclose potentially sensitive information.
Impact Level: Application
Solution
Upgrade to MantisBT version 1.2.8 or later. For updates refer to http://www.mantisbt.org/download.php
Insight
- Input appended to the URL after manage_config_email_page.php, manage_config_workflow_page.php and bugs/plugin.php is not properly sanitised before being returned to the user.
- Input passed to the 'action' parameter in bug_actiongroup_ext_page.php and bug_actiongroup_page.php is not properly verified before being used to include files.
- Input passed to the 'os', 'os_build', and 'platform' parameters in bug_report_page.php and bug_update_advanced_page.php is not properly sanitised before being returned to the user.
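As an added example (not part of this advisory and not MantisBT code), the following Python script triages web server access-log lines for the three issue classes above: markup in the path appended after the affected pages, traversal or NUL bytes in the 'action' parameter of the two action-group pages, and markup in the 'os', 'os_build' and 'platform' parameters. It assumes the combined log format; the log lines and probe strings are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Scripts and parameters named in the advisory (bugs/plugin.php is matched by file name).
PATHINFO_SCRIPTS = {"manage_config_email_page.php", "manage_config_workflow_page.php", "plugin.php"}
LFI_SCRIPTS = {"bug_actiongroup_ext_page.php", "bug_actiongroup_page.php"}
XSS_SCRIPTS = {"bug_report_page.php", "bug_update_advanced_page.php"}
XSS_PARAMS = ("os", "os_build", "platform")

TRAVERSAL = re.compile(r"\.\./|\.\.\\|\x00")        # directory traversal or NUL truncation
MARKUP = re.compile(r"[<>\"']|javascript:", re.I)   # characters that must never be reflected raw
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def split_script(path):
    """Split '/mantis/foo.php/extra' into ('foo.php', 'extra'); ('', '') if no .php segment."""
    segs = path.split("/")
    for i, seg in enumerate(segs):
        if seg.endswith(".php"):
            return seg, "/".join(segs[i + 1:])
    return "", ""

def classify(line):
    """Return (finding, location) tuples for one combined-format access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    script, path_info = split_script(url.path)
    params = parse_qs(url.query, keep_blank_values=True)  # parse_qs already percent-decodes values
    findings = []
    if script in PATHINFO_SCRIPTS and MARKUP.search(unquote(path_info)):
        findings.append(("reflected-xss-pathinfo", script))
    if script in LFI_SCRIPTS:
        for value in params.get("action", []):
            if TRAVERSAL.search(value):
                findings.append(("lfi-attempt", script + "?action"))
    if script in XSS_SCRIPTS:
        for name in XSS_PARAMS:
            for value in params.get(name, []):
                if MARKUP.search(value):
                    findings.append(("reflected-xss-param", script + "?" + name))
    return findings

# Constructed sample lines (not real traffic); the probe strings are harmless markers.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2011:13:55:36 +0000] "GET /mantis/bug_actiongroup_ext_page.php?action=../../../../not/a/real/target%00 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2011:13:55:37 +0000] "GET /mantis/bug_report_page.php?os=%3Cb%3Eprobe%3C/b%3E HTTP/1.1" 200 4096',
    '203.0.113.5 - - [10/Oct/2011:13:55:38 +0000] "GET /mantis/manage_config_email_page.php/%3Cprobe%3E HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Oct/2011:13:56:01 +0000] "GET /mantis/bug_report_page.php?os=Linux&platform=x86_64 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry) or "clean", "<-", entry.split('"')[1])
```

A hit only indicates an attempt against a vulnerable endpoint; whether it succeeded still depends on the installed MantisBT version, so pair this with the version check in the Solution section.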
Affected
MantisBT versions prior to 1.2.8
References