Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 10 Mar 2017 12:56:25 +0100
From: Damien Regad <dregad@...tisbt.org>
To: oss-security@...ts.openwall.com
Subject: Advisory: XSS issues in MantisBT (CVE-2017-6797, CVE-2017-6799)

Please take note of the following 2 cross-site scripting issues in MantisBT

Best regards
Damien Regad
MantisBT developer


1. CVE-2017-6797: XSS in bug_change_status_page.php

A cross-site scripting (XSS) vulnerability in bug_change_status_page.php
allows remote attackers to inject arbitrary JavaScript via the
'action_type' parameter.

Affected versions: 1.3.0-beta.3 through 2.2.0
Fixed in versions: 1.3.7, 2.2.1 (not yet released)

Patch:
- 1.3:
https://github.com/mantisbt/mantisbt/commit/a2d90ecabf3bcf3aa22ed9dbbecfd3d37902956f
- 2.x:
https://github.com/mantisbt/mantisbt/commit/c272c3f65da9677e505ff692b1f1e476b3afa56e

Credits:
Reported by Etienne Landais, fixed by Damien Regad (MantisBT developer)

References:
MantisBT issue tracker http://www.mantisbt.org/bugs/view.php?id=22486


2. CVE-2017-6799 - XSS in view_filters_page.php

A cross-site scripting (XSS) vulnerability in view_filters_page.php allows
remote attackers to inject arbitrary JavaScript via the 'view_type'
parameter.

Affected versions: 2.1.0 through 2.2.0; fixed
Fixed in versions: 2.2.1 (not yet released)

Patch:
https://github.com/mantisbt/mantisbt/commit/1677251434b6e8b2be8f1d4376a3e78f7be14d95

Credits:
Reported by Etienne Landais, fixed by Damien Regad (MantisBT developer)

References:
MantisBT issue tracker http://www.mantisbt.org/bugs/view.php?id=22497

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ