Mantis 1.2.x < 1.2.3 Cross-Site Scripting Vulnerability
Medium Nessus Network Monitor Plugin ID 5676
Synopsis
The remote web server is hosting a web application that is vulnerable to multiple cross-site scripting attacks.
Description
The remote web server is hosting Mantis, an open source bug tracking application written in PHP.
Versions of Mantis 1.2.x prior to 1.2.3 are potentially affected by multiple cross-site scripting vulnerabilities:
- A cross-site scripting issue exists when viewing the Summary page. (Bug 0012309)
- A cross-site scripting issue exists in print_all_bug_page_word.php when printing project and category names. (Bug 0012238)
- Multiple cross-site scripting issues exist which relate to custom field enumeration values. (Bug 0012232)
- A cross-site scripting vulnerability exists when deleting maliciously named categories. (Bug 012230)
- A cross-site scripting issue exists in NuSOAP WSDL. (Bug 0012312)
Solution
Upgrade to Mantis 1.2.3 or later.