| VID |
21355 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Mantis on the remote Web server, according to its version number, has Multiple Cross-Site Scripting Vulnerabilities.
Mantis is a freely available PHP-based bug tracking system that uses a MySQL backend database. Mantis versions 0.19.0a and earlier are vulnerable to multiple Cross-Site Scripting vulnerabilities, caused by improper validation of user-supplied input in the 'signup.php', 'login_page.php', 'login_select_proj_page.php', and 'view_all.set.php' script. A remote attacker could create a specially crafted URL link containing malicious scripts, and then could persuade a target user to click it. Once the URL is clicked, the embedded codes would be executed in the victim's Web browser. A remote attacker could use these vulnerabilities to steal the victim's cookie-based authentication credentials.
* Note: This check solely relied on the version of Mantis on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://archives.neohapsis.com/archives/bugtraq/2004-08/0292.html
* Platforms Affected:
Mantis version 0.19.0a and earlier
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Mantis (0.19.0a2 or later), available from the Mantis web site at http://www.mantisbt.org/index.php |
| Related URL |
CVE-2004-1730 (CVE) |
| Related URL |
10994 (SecurityFocus) |
| Related URL |
17066,17069,17070,17072 (ISS) |
|
