Mantis < 0.9.5 / 1.1.0 RC5 view.php HTML Injection

Nessus Network Monitor Plugin ID 4326 (Severity: High)

Synopsis

The remote host is vulnerable to an HTML injection attack.

Description

The remote host appears to be running a vulnerable version of Mantis, a bug tracker web application written in PHP. Versions earlier than 1.1.0 are reported to be vulnerable to a persistent HTML injection attack. The flaw lies in the way Mantis handles user-supplied data passed to the 'view.php' script. An attacker exploiting this flaw would only need the ability to send HTTP requests to the 'view.php' script. Successful exploitation would result in arbitrary code being executed within the browser of other Mantis users.

Solution

Upgrade to version 0.19.5, 1.0.0 RC5 or higher.

See Also

http://www.mantisbt.org/bugs/view.php?id=8679

Plugin Details

Severity: High

ID: 4326

Family: CGI

Published: 2007/12/27

Modified: 2016/01/15

Dependencies: 1442

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mantisbt:mantisbt

Reference Information

CVE: CVE-2007-6611, CVE-2008-0404

BID: 27367, 27045