View Issue Details
Field | Value |
---|---|
ID | 0022579 |
Project | mantisbt |
Category | security |
View Status | public |
Date Submitted | 2017-03-25 03:23 |
Last Update | 2017-04-01 00:13 |
Reporter | YelinAndZhangdongsheng |
Assigned To | dregad |
Priority | normal |
Severity | major |
Reproducibility | always |
Status | closed |
Resolution | fixed |
Product Version | 1.3.0-rc.2 |
Target Version | 1.3.9 |
Fixed in Version | 1.3.9 |
Summary | 0022579: CVE-2017-7309: XSS in adm_config_report.php |
Description | Cross-site scripting vulnerability in the 'adm_config_report.php' page. The 'config_option' parameter of the /adm_config_report.php page in MantisBT is vulnerable to cross-site scripting when JavaScript is supplied via a GET or POST request. The exploitation example below uses the "alert()" JavaScript function to display the word "XSS". |
Steps To Reproduce | Install the latest MantisBT with all default settings. Log in as administrator. Unexpected result: |
Additional Information | We would appreciate it if you could confirm and log a CVE for this issue. |
Tags | No tags attached. |
Attached Files | |
Relationship | Issue | Status | Assigned To | Summary |
---|---|---|---|---|
related to | 0022537 | closed | dregad | CVE-2017-6973: XSS in adm_config_report.php |
parent of | 0022612 | closed | dregad | CVE-2017-7309: XSS in adm_config_report.php |
parent of | 0022613 | closed | dregad | CVE-2017-7309: XSS in adm_config_report.php |
related to | 0020058 | closed | cproensa | Updating config items in configuration report adds new ones |
Introduced as part of MantisBT master 13bda674 (issue 0020058)
|
CVE Request 313160
|
@YelinAndZhangdongsheng the attached patch (for the 1.3.0 and 2.2 branches) resolves the issue.
|
Yes. Neat fix.
|
Thanks for the feedback. FYI, I announced the CVEs on the Open-Source Security mailing list last night.
|
MantisBT: master-1.3.x c9e5b1d0 2017-03-25 06:23

Fix XSS in adm_config_report.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Configuration Report page, allowing an attacker to inject arbitrary code through a crafted 'config_option' parameter. Sanitize the parameter prior to output, to ensure HTML special characters are properly escaped.

Fixes 0022579

Affected Issues: 0022579

mod - adm_config_report.php
MantisBT: master-2.1 0243375e 2017-03-25 06:23

Fix XSS in adm_config_report.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Configuration Report page, allowing an attacker to inject arbitrary code through a crafted 'config_option' parameter. Sanitize the parameter prior to output, to ensure HTML special characters are properly escaped.

Ported from 1.3.x commit c9e5b1d0404503022605459552faeaf610bf15ae.

Fixes 0022579

Affected Issues: 0022579

mod - adm_config_report.php
MantisBT: master-2.2 e881dd79 2017-03-25 06:23

Fix XSS in adm_config_report.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Configuration Report page, allowing an attacker to inject arbitrary code through a crafted 'config_option' parameter. Sanitize the parameter prior to output, to ensure HTML special characters are properly escaped.

Ported from 1.3.x commit c9e5b1d0404503022605459552faeaf610bf15ae.

Fixes 0022579

Affected Issues: 0022579

mod - adm_config_report.php
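As an added illustration (not MantisBT's own code and not the patch attached to this issue), the stand-alone PHP script below contrasts the vulnerable pattern the report describes, a request parameter written into the page unescaped, with the escape-before-output fix the commit messages describe. The rendered context (a quoted input attribute), the function names and the payload are assumptions: the page shows neither the original adm_config_report.php code nor the proof-of-concept request, and only the parameter name 'config_option' comes from the report.

```php
<?php
// Added illustration, not MantisBT code. Shows how a reflected XSS in a
// request parameter arises and how escaping at output time removes it.
// The markup, the helper names and the payload are assumptions; only the
// parameter name 'config_option' is taken from the report.

declare(strict_types=1);

/**
 * Vulnerable pattern: the parameter value is concatenated straight into the
 * HTML response. In the real page the value would come from the GET/POST
 * request; here it is passed in so the script runs from the command line.
 * A value containing '"' and '<' terminates the attribute and starts new
 * markup, so the browser executes whatever the attacker put after it.
 */
function render_config_row_unsafe(string $config_option): string
{
    return '<tr><td>Config option</td>'
        . '<td><input type="text" name="config_option" value="'
        . $config_option . '"></td></tr>';
}

/**
 * Fixed pattern: escape HTML special characters before the value reaches
 * the page. ENT_QUOTES covers both " and ' so the value cannot close the
 * attribute early; ENT_SUBSTITUTE stops htmlspecialchars() from returning
 * an empty string on invalid UTF-8, which would silently drop the value.
 */
function render_config_row_safe(string $config_option): string
{
    $escaped = htmlspecialchars($config_option, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>Config option</td>'
        . '<td><input type="text" name="config_option" value="'
        . $escaped . '"></td></tr>';
}

/**
 * Check a tester can apply to any rendered fragment: the raw payload must
 * not appear verbatim, and no <script> element may have been introduced.
 */
function payload_survived(string $html, string $payload): bool
{
    return strpos($html, $payload) !== false
        || preg_match('/<script\b/i', $html) === 1;
}

// Constructed sample input, modelled on the alert()-based proof of concept
// the report mentions: close the value attribute, close the <input> tag,
// then inject a script element.
$payload = '"><script>alert("XSS")</script>';

$renderers = [
    'unsafe' => 'render_config_row_unsafe',
    'safe'   => 'render_config_row_safe',
];

foreach ($renderers as $label => $fn) {
    $html = $fn($payload);
    printf(
        "[%s]\n%s\n-> payload survived: %s\n\n",
        $label,
        $html,
        payload_survived($html, $payload) ? 'yes' : 'no'
    );
}
```

Run it with `php xss_escape_demo.php`: the unsafe row reproduces the injected `<script>` element verbatim, the safe row renders it as `&quot;&gt;&lt;script&gt;...` and the check reports the payload as neutralised. Two points worth keeping in mind when reviewing a fix of this kind: escaping belongs at the output boundary, as the commit message puts it ("prior to output"), so the stored or echoed value is unchanged and every rendering path is covered; and `htmlspecialchars()` is the right encoder only for HTML text and quoted attribute values. A parameter that ends up inside a JavaScript string, an event handler or a URL needs the encoder for that context, so a fix has to be checked against where in the page the value actually lands.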