MantisBT 2.2.x < 2.2.1 Multiple XSS
Medium Nessus Network Monitor Plugin ID 700004
Synopsis
The remote web server is hosting an outdated web application that is vulnerable to cross-site scripting (XSS) attack vectors.
Description
Versions of MantisBT 2.2.x prior to 2.2.1 are affected by multiple XSS vulnerabilities :
- A flaw exists that allows a XSS attack. This flaw exists because the 'views_filters_page.php' script does not validate input to the 'view_type' parameter before returning it to users. This may allow a remote attacker to create a specially crafted request that will execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2017-6797)
- A flaw exists that allows a XSS attack. This flaw exists because the 'bug_change_status_page.php' script does not validate input to the 'action_type' parameter before returning it to users. This may allow a remote attacker to create a specially crafted request that will execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2017-6799)
- A flaw exists that allows a XSS attack. This flaw exists because the 'core/layout_api.php' script does not validate input via the Window Title configuration before returning it to users. This may allow an authenticated, remote attacker to create a specially crafted request that will execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2017-7222)
Solution
Upgrade to MantisBT 2.2.1 or later.