Bug 634340 (CVE-2010-3303)

Summary: CVE-2010-3303 mantis: several XSS flaws fixed in 1.2.3
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: d, giallu, sven
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2010-10-01 20:10:35 UTC
Bug Depends On: 634341    

Description Vincent Danen 2010-09-15 20:16:12 UTC
Upstream MantisBT has released [1] version 1.2.3 which corrects a number of XSS flaws.  Two already have CVE names: CVE-2010-3070 and CVE-2010-2574.  There are an additional four issues currently without CVE names.

From the changelog [2]:

- 0012312: [security] NuSOAP WSDL XSS (cross-site scripting vulnerability) in Mantis 1.2.2 (CVE-2010-3070)
- 0012230: [security] XSS vulnerability when deleting maliciously named categories (CVE-2010-2574)
- 0012231: [security] XSS vulnerability when uninstalling maliciously named plugins
- 0012232: [security] Multiple XSS issues with custom field enumeration values
- 0012234: [security] XSS issues when using custom field String values
- 0012238: [security] XSS in print_all_bug_page_word.php when printing project and category names

[1] http://sourceforge.net/mailarchive/message.php?msg_name=4C8FC573.3060900%40leetcode.net
[2] http://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=1.2.3

Comment 1 Vincent Danen 2010-09-15 20:17:59 UTC
Created mantis tracking bugs for this issue

Affects: fedora-all [bug 634341]

Comment 2 Vincent Danen 2010-09-16 21:46:54 UTC
The four issues without CVE names have been given the name CVE-2010-3303.

Comment 3 Gianluca Sforna 2010-10-01 20:10:35 UTC
The update was pushed lately, looks like something did not work with auto-closing.