Mantis 1.2.x < 1.2.3 Cross-Site Scripting Vulnerability

Medium

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple cross-site scripting attacks.

Description

The remote web server is hosting Mantis, an open source bug tracking application written in PHP.

Versions of Mantis 1.2.x prior to 1.2.3 are potentially affected by multiple cross-site scripting vulnerabilities:

- A cross-site scripting issue exists when viewing the Summary page. (Bug 0012309)

- A cross-site scripting issue exists in print_all_bug_page_word.php when printing project and category names. (Bug 0012238)

- Multiple cross-site scripting issues exist which relate to custom field enumeration values. (Bug 0012232)

- A cross-site scripting vulnerability exists when deleting maliciously named categories. (Bug 012230)

- A cross-site scripting issue exists in NuSOAP WSDL. (Bug 0012312)

Solution

Upgrade to Mantis 1.2.3 or later.