Detections
Analytics

MantisBT search.php match_type Parameter XSS

medium Nessus Plugin ID 64490

Language:

Synopsis

The remote web server hosts a PHP script that is affected by a cross- site scripting vulnerability.

Description

The version of MantisBT installed on the remote host fails to properly sanitize user-supplied input to the 'match_type' parameter of the 'search.php' script before using it to generate dynamic HTML output. An attacker may be able to leverage this to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.

Note that the install is also likely to be affected by additional cross-site scripting vulnerabilities as well as an unauthorized status update flaw, although Nessus has not tested for these additional issues.

Solution

Upgrade to version 1.2.13 or later or apply the patch from the referenced URL.

See Also

http://www.nessus.org/u?007c024a

https://mantisbt.org/bugs/view.php?id=15373

Plugin Details

Severity: Medium

ID: 64490

File Name: mantis_match_type_xss.nasl

Version: 1.10

Type: remote

Published: 2/7/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:mantisbt:mantisbt

Required KB Items: installed_sw/MantisBT

Exploit Ease: No exploit is required

Patch Publication Date: 1/18/2013

Vulnerability Publication Date: 1/15/2013

Reference Information

CVE: CVE-2013-0197

BID: 57456

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990