Summary
This host is running MantisBT and is prone to multiple local file include and cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct cross-site scripting attacks and disclose potentially sensitive information.
Impact Level: Application
Solution
Upgrade to MantisBT version 1.2.8 or later.
For updates refer to http://www.mantisbt.org/download.php
Insight
- Input appended to the URL after manage_config_email_page.php, manage_config_workflow_page.php and bugs/plugin.php is not properly sanitised before being returned to the user.
- Input passed to the 'action' parameter in bug_actiongroup_ext_page.php and bug_actiongroup_page.php is not properly verified before being used to include files.
- Input passed to the 'os', 'os_build', and 'platform' parameters in bug_report_page.php and bug_update_advanced_page.php is not properly sanitised before being returned to the user.
Affected
MantisBT versions prior to 1.2.8
References
Severity
Classification
-
CVE CVE-2011-3356, CVE-2011-3357, CVE-2011-3358, CVE-2011-3578 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
- Apache Tomcat source.jsp malformed request information disclosure
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- An Image Gallery Multiple Cross-Site Scripting Vulnerability
- Apache Struts Cross Site Scripting Vulnerability