MantisBT "View Issues" Cross-Site Scripting Vulnerability Fixed by 1.3.1


Description   (#A cross-site scripting vulnerability has been identified in MantisBT's Filter API.#A remote attacker can exploit it in order to execute arbitrary Javascript or HTML code by inciting their victim into following a specially formed link.##The vulenerability is located in the 'view_type' parameter of the 'view_all_bug_page.php' page.##A proof of concept is available.#Updated, 19/08/2016:#The mantis packages provided by Debian Wheezy 7 are vulnerable.)
     
Vulnerable Products   Vulnerable OS:
FreeBSD (FreeBSD) - AllGNU/Linux (Debian) - 7Vulnerable Software:
MantisBT (Mantis) - 1.2, 1.2.1, 1.2.10, 1.2.11, 1.2.12, ..., 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.3.0
     
Solution   Fixed mantis packages for FreeBSD are available.
     
CVE   CVE-2016-6837
     
References   - oss-sec : MantisBT: XSS in view_all_bug_page.php
http://seclists.org/oss-sec/2016/q3/306
- Debian Security Tracker : mantis
https://security-tracker.debian.org/tracker/CVE-2016-6837
- VuXML : mantis -- XSS vulnerability
http://www.vuxml.org/freebsd/2b63e964-eb04-11e6-9ac1-a4badb2f4699.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL
3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL
3.2.0
XSS - Phishing : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL
3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL
3.2.0
XSS - Phishing : suspicious 'a' tag found in URL
3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL
3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL
3.2.0
XSS - Phishing : suspicious 'form' tag found in URL
3.2.0
XSS - Prevention - GET : javascript code found in URL
3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL
3.2.0
XSS - Phishing : suspicious 'link' tag found in URL
3.2.0
XSS - Prevention - GET : 'script' tag found in URL
3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL
3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL
3.2.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2016-08-18 

 Target Type 
Client 

 Possible exploit 
Remote