GHSA-wgx7-jp56-65mq: Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting

Improper escaping of a custom field’s name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when:

  • resolving or closing issues (bug_change_status_page.php) belonging to a project linking said custom field
  • viewing issues (view_all_bug_page.php) when the custom field is displayed as a column
  • printing issues (print_all_bug_page.php) when the custom field is displayed as a column

Impact

Cross-site scripting (XSS).

Patches

https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be

Workarounds

Ensure Custom Field Names do not contain HTML tags.
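
The escaping failure and the workaround above, shown as an added PHP example. It is not MantisBT code and not the patch from the linked commit; the function names and sample field names are constructed for illustration.

```php
<?php
// Added illustration, not MantisBT source. All function names are hypothetical.

// Vulnerable pattern: an admin-defined custom field name is concatenated
// into the page as-is, so any markup in the name becomes part of the DOM.
function render_column_header_unsafe(string $field_name): string {
    return '<th>' . $field_name . '</th>';
}

// Hardened pattern: encode for the HTML context at output time, so the
// name is always rendered as text regardless of what was stored.
function render_column_header_safe(string $field_name): string {
    $encoded = htmlspecialchars($field_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<th>' . $encoded . '</th>';
}

// Workaround audit: classify a stored name.
//   'tags'          - contains HTML tags (what the workaround asks to avoid)
//   'special-chars' - no tags, but has characters that need encoding
//   'ok'            - renders identically with or without escaping
function classify_field_name(string $field_name): string {
    if ($field_name !== strip_tags($field_name)) {
        return 'tags';
    }
    $encoded = htmlspecialchars($field_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return $encoded !== $field_name ? 'special-chars' : 'ok';
}

// Constructed sample names, not taken from any real installation.
$names = ['Customer', 'Build <b>ID</b>', 'R&D owner'];

foreach ($names as $name) {
    printf(
        "%-16s class=%-14s unsafe=%s safe=%s\n",
        $name,
        classify_field_name($name),
        render_column_header_unsafe($name),
        render_column_header_safe($name)
    );
}
```

Names classified as `tags` are the ones the workaround targets on unpatched versions; output-time encoding, as in the safe variant, removes the dependency on what is stored.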

References

  • https://mantisbt.org/bugs/view.php?id=34432
  • This is related to CVE-2020-25830 (same root cause, different affected pages)

Package

mantisbt/mantisbt (Composer)

Affected versions

< 2.26.2

Patched versions

2.26.2

References

  • GHSA-wgx7-jp56-65mq
  • mantisbt/mantisbt@447a521
  • https://mantisbt.org/bugs/view.php?id=34432

dregad published to mantisbt/mantisbt

May 12, 2024

Published to the GitHub Advisory Database

May 13, 2024

Reviewed

May 13, 2024

Last updated

May 13, 2024
