FreeBSD : mantis -- 'view_filters_page.php' XSS vulnerability (6e3b12e2-6ce3-11da-b90c-000e0c2e438a)
Medium Nessus Plugin ID 21450
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
r0t reports:
Mantis contains a flaw that allows a remote cross-site scripting attack. This flaw exists because input passed to the 'target_field' parameter in 'view_filters_page.php' isn't properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution
Update the affected package.