Vulnerability CVE-2014-8987


Published: 2015-08-24   Modified: 2015-08-25

Description:
Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different vulnerability than CVE-2014-8986.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Mantis BugTracker 1.2.17 XSS / DoS / Redirect
Alejo Popovici
06.01.2015

Vendor: Mantisbt
Product: Mantisbt 
Version:
1.2.17
1.2.16
1.2.15
1.2.14
1.2.13

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
https://github.com/mantisbt/mantisbt/commit/49c3d089
http://www.openwall.com/lists/oss-security/2014/11/19/21
http://www.openwall.com/lists/oss-security/2014/11/15/4
http://www.openwall.com/lists/oss-security/2014/11/15/3
http://www.openwall.com/lists/oss-security/2014/11/15/2
http://www.openwall.com/lists/oss-security/2014/11/14/9
http://www.mantisbt.org/bugs/view.php?id=17870

Related CVE
CVE-2017-7615
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
CVE-2017-7309
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1....
CVE-2017-7241
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP...
CVE-2017-6973
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.
CVE-2017-7222
A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires priv...
CVE-2017-6958
An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter.
CVE-2017-6799
A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter.
CVE-2017-6797
A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter.

Copyright 2017, cxsecurity.com