Red Hat Bugzilla – Bug 448404
CVE-2008-3331 mantis: XSS in return_dynamic_filters.php
Last modified: 2016-03-04 06:44:30 EST
Antonio "s4tan" Parata and Francesco "ascii" Ongaro discovered that mantis 1.1.1
is prone to an XSS attack in return_dynamic_filters.php via filter_target:
A) XSS Vulnerabilities
We have found an XSS vulnerability in return_dynamic_filters.php. In
order to exploit this vulnerability the attacker must be authenticated.
Usually the anonymous user is allowed on a typical installation, so the
impact is a bit higher. The following URL is a proof of concept:
Upstream bug reports (currently restricted):
Upstream commit in 1.1 SVN branch:
While looking for the patch for this issue, I've noticed another commit fixing
an XSS issue in account_sponsor_page.php:
mantis-1.1.2-1.fc9 has been submitted as an update for Fedora 9
mantis-1.1.2-1.fc8 has been submitted as an update for Fedora 8
mantis-1.1.2-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
mantis-1.1.2-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php
in Mantis before 1.1.2 allows remote attackers to inject arbitrary web
script or HTML via the filter_target parameter.
This issue was addressed in: