Description
A weakness and a vulnerability have been reported in MantisBT, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
1) Input passed via the "return" GET parameter to "login_page.php" is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
Successful exploitation requires the victim to use e.g. Firefox 34 or Chromium 39.
This weakness is related to: SA62180 (#17)
The weakness is reported in versions from 1.2.0a3 and prior to 1.2.19.
2) Input passed via the "url" parameter to "permalink_page.php" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
The vulnerability is reported in versions prior to 1.2.19.
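For triage, requests that touch the two parameters named above can be pulled from web server access logs. The following is an added example, not part of the original advisory and not MantisBT code: it flags "return" values that point off-site and "url" values that carry markup or a non-http(s) scheme. The log lines, host names and the /mantis/ path are constructed, and only values sent in the query string are visible to it.

```python
import re
from urllib.parse import urlsplit, parse_qs
# Constructed access-log lines (combined log format); hosts and paths are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Jan/2015:10:01:02 +0000] "GET /mantis/login_page.php?return=my_view_page.php HTTP/1.1" 200 5120
198.51.100.9 - - [12/Jan/2015:10:02:10 +0000] "GET /mantis/login_page.php?return=http%3A%2F%2Foffsite.example%2F HTTP/1.1" 200 5120
198.51.100.9 - - [12/Jan/2015:10:02:31 +0000] "GET /mantis/login_page.php?return=%2F%2Foffsite.example%2Fx HTTP/1.1" 200 5120
198.51.100.7 - - [12/Jan/2015:10:03:44 +0000] "GET /mantis/permalink_page.php?url=http%3A%2F%2Ftracker.example%2Fmantis%2Fsearch.php%3Fproject_id%3D1 HTTP/1.1" 200 2210
198.51.100.9 - - [12/Jan/2015:10:04:05 +0000] "GET /mantis/permalink_page.php?url=%22%3E%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 2230
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def _parts(text):
    """urlsplit that returns None instead of raising on unparseable input."""
    try:
        return urlsplit(text.strip())
    except ValueError:
        return None

def is_offsite(value):
    """True if a redirect target names a scheme or host rather than a local path."""
    parts = _parts(value.replace("\\", "/"))  # browsers may read "\" as "/"
    return parts is None or bool(parts.scheme or parts.netloc)

def has_markup(value):
    """True if the value has HTML metacharacters or a non-http(s) scheme."""
    parts = _parts(value)
    bad_scheme = parts is None or parts.scheme.lower() not in ("", "http", "https")
    return bad_scheme or bool(re.search(r"[<>\"']", value))

CHECKS = {"login_page.php": ("return", is_offsite),      # script -> (parameter, check),
          "permalink_page.php": ("url", has_markup)}     # names taken from the advisory

def triage(log_text):
    """Return (line_number, script, parameter, decoded_value) per suspicious request."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST.search(line)
        target = _parts(match.group(1)) if match else None
        if target is None:
            continue
        script = target.path.rsplit("/", 1)[-1]
        if script not in CHECKS:
            continue
        param, check = CHECKS[script]
        for value in parse_qs(target.query).get(param, []):  # parse_qs percent-decodes
            if check(value):
                findings.append((number, script, param, value))
    return findings
```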
Vulnerable Products
Vulnerable Software: MantisBT 1.x
Solution
Update to version 1.2.19.
CVE
CVE-2015-1042
CVE-2014-9701
References
MantisBT:
https://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=1.2.19
https://www.mantisbt.org/blog/?p=408
Alejo Popovici:
https://www.mantisbt.org/bugs/view.php?id=17997
grangeway:
https://www.mantisbt.org/bugs/view.php?id=17362#c40613
OSS-Sec:
http://seclists.org/oss-sec/2015/q1/118
Vulnerability Manager Detection
No