Date: Sat, 11 Jun 2016 11:37:06 -0400 (EDT)
From: cve-assign@...re.org
To: dregad@...tisbt.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: MantisBT: XSS in custom fields management

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Please assign a CVE ID for the following issue.
> 
> unescaped output of 'return URL' GPC parameter
> 
> https://mantisbt.org/bugs/view.php?id=20956
> https://github.com/mantisbt/mantisbt/commit/5068df2dcf79c34741c746c9b27e0083f2a374da
> https://github.com/mantisbt/mantisbt/commit/11ab3d6c82a1d3a89b1024f77349fb60a83743c5

As far as we can tell, this is best interpreted as a single XSS
vulnerability, even though:

  - "Also `print_bracket_link()` function doesn't check if link is
     `data:` or `javascript:`" is a separate observation

  - the number of .php files changed in 1.2.x is different from the
    number of .php files changed in 1.3.x

Use CVE-2016-5364.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXXC9xAAoJEHb/MwWLVhi2D7YP/2UaDjwKLEa6K+aUJG+Zbk87
BGlRRVrzTY6co+uErHZIG/XgAho7QERN68LhjVrI3IYqBgogOlNDLtiyusM2T8W7
1gQA+paYuhcIVlI53IxsMM6ooww4rTyp4pR1fGxyRt7BhVVBs7XJzv+AJy+qxBM9
3TF/TwDvTGV0agcefOkQq0Y2iXbvWDf3R8/rX/IOYabYDXvODgzYR+szWrm9BanR
GV1Ls2Lzty5FU+/uK0KC9/WFx9JhifO19S+8J7hR9eptpgt2eMX2pxHWdTzFp//b
iSJXlInaXzueSy6UIuuDExOmKATtwl7P/0fn1GIkBzmeVoid/BQNircidhvx8ddJ
yTNKEwFNShNKevCLuDabwSXqAfmnXyfz8K+7KmsYnj9gzV+jQkmfM6o0/nV1mfp1
mEErz8WD7UqO+K1s8noZQZjmjzlpCFM8WKTPYnWP/Z6HU75qfQl3SBJV9wEiuBB6
ulcnQpzRFveAeZIjTuPfhLir7t8Lufl8Dx28iavlPmTBeSHlQL1oolEBvMD1svcX
s1H3tMqxj+MW3FJ+ZJKqqHEeaOpSZNaMmKE1NFa/S8YEo19aU7UFquxFspC0KvWk
86aAwfboUlUm5o9bHjiSr0X48DHl7ZzFcjxvoANM6cA49UWhMQK6H7LzDBgYIZRb
K+G0fIbWtCCpW1a5DvNl
=VLAF
-----END PGP SIGNATURE-----
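The two observations in the quoted report (unescaped output of a URL taken from a GPC parameter, and a link helper that does not reject `data:` or `javascript:` links) illustrated as an added PHP example. This is not MantisBT's code and not the fix in the linked commits; the function names `safe_url()` and `print_bracket_link_safe()`, the `index.php` fallback and the sample inputs are assumptions made here for illustration.

```php
<?php
// Added example, not MantisBT's code or the fix from the linked commits.
// Shows the two points from the report: HTML-escape the output of a URL
// taken from a GPC parameter, and reject links whose scheme is data: or
// javascript:. Function names and sample inputs are assumptions.

// Returns the URL unchanged if it is a relative path or an http(s) URL,
// otherwise null.
function safe_url(string $url): ?string
{
    // Whitespace and control characters can smuggle a scheme past a naive
    // prefix check ("java\tscript:" is still javascript: to a browser).
    if (preg_match('/[\x00-\x20]/', $url)) {
        return null;
    }
    // Protocol-relative URLs (//host/...) leave the site; treat as unsafe.
    if (strncmp($url, '//', 2) === 0) {
        return null;
    }
    // If there is a scheme, it must be http or https (case-insensitive).
    if (preg_match('#^([a-z][a-z0-9+.\-]*):#i', $url, $m)) {
        $scheme = strtolower($m[1]);
        if ($scheme !== 'http' && $scheme !== 'https') {
            return null;
        }
    }
    return $url;
}

// Hardened bracket-link helper: scheme check plus output encoding. Unsafe
// links fall back to a fixed page instead of echoing attacker input.
function print_bracket_link_safe(string $url, string $text): string
{
    $url = safe_url($url) ?? 'index.php';
    return '[<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</a>]';
}

// Constructed inputs standing in for a 'return URL' GPC parameter.
$samples = [
    'view_all_bug_page.php?page=2',              // kept as-is
    'javascript:alert(1)',                        // rejected: scheme
    'JaVaScRiPt:alert(1)',                        // rejected: scheme (case)
    "java\tscript:alert(1)",                      // rejected: control char
    'data:text/html,<script>alert(1)</script>',   // rejected: scheme
    '"><script>alert(1)</script>',                // no scheme; neutralised by escaping
];
foreach ($samples as $s) {
    echo print_bracket_link_safe($s, 'Back'), "\n";
}
```

The last sample passes the scheme check (it has no scheme at all), which is why the scheme check alone is not enough: `htmlspecialchars()` with `ENT_QUOTES` is what keeps the quote and angle brackets from breaking out of the `href` attribute. Conversely, escaping alone would not stop `javascript:alert(1)`, since that string contains nothing to escape; the two checks address two different problems.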