
MantisBT 1.2.x < 1.2.18 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting MantisBT, an open source bug tracking application written in PHP.

Versions of MantisBT 1.2.x prior to 1.2.18 are affected by the following vulnerabilities:

- An error exists in the file 'core/string_api.php' that could allow open redirect attacks. (CVE-2014-6316)

- An input validation flaw exists in 'helper_api.php' when the 'extended project browser' mode is enabled. This affects the 'project' cookie parameter, which could allow remote attackers to inject arbitrary web script or HTML into the page. (CVE-2014-9269)

- An input validation error exists in the 'string_insert_href' function affecting the URL protocol, allowing a remote attacker to perform cross-site scripting attacks via the 'javascript://' protocol. (CVE-2014-9272)
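
The third item concerns how 'string_insert_href' decides which URL protocols to turn into links. As an added illustration, not MantisBT's own code (the names ALLOWED_SCHEMES, url_scheme, safe_href and insert_href are hypothetical), the Python below shows the defensive pattern: normalise the scheme the way a browser would and accept only an allowlist, rather than denylisting the literal string 'javascript://'.

```python
import html
import re
from typing import Optional

# Assumed allowlist of schemes a bug tracker should auto-link; not MantisBT's list.
ALLOWED_SCHEMES = {"http", "https", "ftp", "mailto"}

# Browsers ignore ASCII control characters (tab, newline, ...) inside a scheme and
# compare schemes case-insensitively, so strip those characters and lower-case
# before looking at the scheme. A check for the exact text 'javascript://' sees none of this.
_CONTROL_CHARS = re.compile(r"[\x00-\x20\x7f]")
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):")


def url_scheme(url: str) -> Optional[str]:
    """Return the scheme a browser would act on, or None if there is no scheme."""
    cleaned = _CONTROL_CHARS.sub("", url).lower()
    match = _SCHEME.match(cleaned)
    return match.group(1) if match else None


def safe_href(url: str) -> Optional[str]:
    """Return an attribute-safe href if the scheme is allowlisted, else None."""
    if url_scheme(url) not in ALLOWED_SCHEMES:
        return None
    # Escape for use inside a double-quoted HTML attribute.
    return html.escape(url, quote=True)


def insert_href(text: str) -> str:
    """Linkify space-separated tokens that carry an allowlisted scheme.

    Tokens with any other scheme (javascript:, vbscript:, data:, ...) are kept
    as escaped text, so they can never become an executable link target.
    """
    out = []
    for token in text.split(" "):
        href = safe_href(token)
        if href is not None:
            out.append(f'<a href="{href}">{html.escape(token)}</a>')
        else:
            out.append(html.escape(token))
    return " ".join(out)
```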

Solution

Upgrade to MantisBT 1.2.18 or later.