Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 14 Mar 2015 11:09:55 +0100
From: Damien Regad <dregad@...tisbt.org>
To: oss-security@...ts.openwall.com
Subject: CVE Request: XSS issue in MantisBT permalink_page.php

Greetings,

Please assign a CVE ID for the following issue

Description:

MantisBT's permalink_page.php builds a permanent link to a configured 
filter. Using a crafted URL, an attacker can make this link execute 
arbitrary javascript code in the user's browser.

Affected versions:
- >= 1.1.0a4
- 1.3.0-beta.1

Fixed in versions:
- 1.2.19 (released 2015-01-25)
- 1.3.0-beta.2 (not yet released)

Patch:
See Github [1]

Credit:
This vulnerability was originally discovered by Paul Richards in May 
2014, with the first public report in [2] and also mentioned in [3], 
although a CVE was never requested for it.
It was recently reported a second time by Robert Foggia in [4], leading 
to the present CVE request.
The issue was fixed by Damien Regad (MantisBT Developer), as a 
side-effect of addressing CVE-2015-1042, see [5].

References:
Further details will be available in our issue tracker [2] once this 
goes public.

[1] https://github.com/mantisbt/mantisbt/commit/d95f070d (1.2.x)
     https://github.com/mantisbt/mantisbt/commit/e7e2b550 (1.3.x)
[2] https://www.mantisbt.org/bugs/view.php?id=17362#c40613
[3] http://article.gmane.org/gmane.comp.security.oss.general/15022
[4] https://www.mantisbt.org/bugs/view.php?id=19493
[5] https://www.mantisbt.org/bugs/view.php?id=17997


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ