MantisBT nusoap/nusoap.php NuSOAP WSDL XSS

medium Nessus Plugin ID 49792

Synopsis

The remote web server hosts an application that is affected by a cross-site scripting vulnerability.

Description

The installation of MantisBT on the remote host includes a version of NuSOAP that fails to sanitize user input passed through PHP's $_SERVER['PHP_SELF'] variable to 'nusoap/nusoap.php' (reached via 'soap/mantisconnect.php') before using it to generate dynamic HTML content.

An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.

Although Nessus has not checked for them, the installed version is also likely to be affected by several other cross-site scripting vulnerabilities.
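
The pattern behind this class of flaw, shown beside two hardened forms. This is an added example, not NuSOAP or MantisBT source code; the function names, the `?wsdl` link markup and the sample `$server` values are constructed for illustration.

```php
<?php
// Added illustration only: not NuSOAP or MantisBT source code.
// PHP_SELF includes any path info the client appends after the script name,
// so its value is request-controlled and must be treated as untrusted input.

// Vulnerable pattern: raw PHP_SELF concatenated into markup.
function link_unsafe(array $server): string
{
    return '<a href="' . $server['PHP_SELF'] . '?wsdl">WSDL</a>';
}

// Hardened pattern: encode for the HTML attribute context before output.
function link_escaped(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $self . '?wsdl">WSDL</a>';
}

// Alternative: SCRIPT_NAME omits the trailing path info; encode it anyway.
function link_script_name(array $server): string
{
    $self = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $self . '?wsdl">WSDL</a>';
}

// Constructed sample of what PHP exposes when extra path info follows the script name.
$server = [
    'PHP_SELF'    => '/soap/mantisconnect.php/"><b>injected</b>',
    'SCRIPT_NAME' => '/soap/mantisconnect.php',
];

// Report, for each variant, whether the appended markup survives into the page.
$marker = '<b>injected</b>';
foreach (['link_unsafe', 'link_escaped', 'link_script_name'] as $fn) {
    $html = $fn($server);
    $leaks = strpos($html, $marker) !== false;
    printf("%-18s markup reaches page: %s\n    %s\n", $fn, $leaks ? 'yes' : 'no', $html);
}
```

Only the first variant lets the appended markup through unencoded; the same review applies to any template that echoes `$_SERVER['PHP_SELF']`.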

Solution

Upgrade to MantisBT 1.2.3 or later.

See Also

https://sourceforge.net/p/nusoap/discussion/193579/thread/7bef69a7/

https://mantisbt.org/bugs/view.php?id=12312

https://mantisbt.org/bugs/changelog_page.php?version_id=111

Plugin Details

Severity: Medium

ID: 49792

File Name: mantis_nusoap_wsdl_xss.nasl

Version: 1.15

Type: remote

Published: 10/7/2010

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:mantisbt:mantisbt

Required KB Items: installed_sw/MantisBT

Exploit Ease: No exploit is required

Patch Publication Date: 9/14/2010

Vulnerability Publication Date: 9/14/2010

Reference Information

CVE: CVE-2010-3070

BID: 42959

CWE: 79

SECUNIA: 41254