FreeBSD : mantis -- multiple vulnerabilities (0822a4cf-9318-11e8-8d88-00e04c1ea73d)
Medium Nessus Plugin ID 111403
SynopsisThe remote FreeBSD host is missing a security-related update.
Descriptionmantis reports :
Teun Beijers reported a cross-site scripting (XSS) vulnerability in the Edit Filter page which allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name.
Prevent the attack by sanitizing the filter name before display.
Omer Citak, Security Researcher at Netsparker, reported this vulnerability, allowing remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO on view_filters_page.php. Prevent the attack by sanitizing the output of $_SERVER['PHP_SELF'] before display.
SolutionUpdate the affected package.