Red Hat Bugzilla – Bug 633011
Mantis: Vulnerable to CVE-2010-3070 (XSS in php-nusoap) due to use of embedded copy of nusoap library
Last modified: 2016-03-04 06:43:20 EST
An XSS flaw has been reported against NuSOAP (original report against Mantis)
Report against NuSOAP:
David Hicks of Mantis community provided a temporary fix:
till the issue is addressed on NuSOAP side. The versions of php-nusoap
packages, as shipped with Fedora releases 12 and 13, have already been
But the versions of Mantis, as shipped with Fedora releases 12 and 13,
are still prone to this issue (because it uses its own embedded copy of the NuSOAP
library and not the system one).
Please fix this issue by making Mantis use the system php-NuSOAP library,
instead of its own embedded copy.
MantisBT 1.2.3 has been released to fix this XSS vulnerability in the bundled version of NuSOAP (and a few other minor XSS issues).
Created mantis tracking bugs for this issue
Affects: fedora-all [bug 634341]
The update was pushed lately (1.1.8-4); it looks like something did not work with auto-closing and commenting.