Vulnerability CVE-2014-8987


Published: 2015-08-24

Description:
Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different vulnerability than CVE-2014-8986.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Mantis BugTracker 1.2.17 XSS / DoS / Redirect
Alejo Popovici
06.01.2015

Vendor: Mantisbt
Product: Mantisbt 
Version:
1.2.17
1.2.16
1.2.15
1.2.14
1.2.13

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
https://github.com/mantisbt/mantisbt/commit/49c3d089
http://www.openwall.com/lists/oss-security/2014/11/19/21
http://www.openwall.com/lists/oss-security/2014/11/15/4
http://www.openwall.com/lists/oss-security/2014/11/15/3
http://www.openwall.com/lists/oss-security/2014/11/15/2
http://www.openwall.com/lists/oss-security/2014/11/14/9
http://www.mantisbt.org/bugs/view.php?id=17870

Related CVE
CVE-2014-9624
CAPTCHA bypass vulnerability in MantisBT before 1.2.19.
CVE-2015-2046
Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20.
CVE-2014-9701
Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to permalink_page.php.
CVE-2017-12419
If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL cli...
CVE-2017-12062
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.
CVE-2017-12061
An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject...
CVE-2015-5059
The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via ...
CVE-2017-7620
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which ...

Copyright 2018, cxsecurity.com

 

Back to Top