MantisBT 'View Filters' And 'Edit Filter' Pages XSS Vulnerability - June19

Technical Details

Severity Level:

Low Severity

CVSS Score:

2.6

CVSS Base Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N

Summary:
This host is installed with MantisBT and is prone to a cross-site scripting vulnerability.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
The flaw is due to:
- An input validation error for PATH_INFO in the View Filters page (view_filters_page.php).
- An input validation error in the Edit Filter page (manage_filter_edit_page.php).

Impact:
Successful exploitation will allow remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. NOTE: This vulnerability exists because of an incomplete fix for CVE-2018-13055.

Affected Versions:
MantisBT version 2.1.0 through 2.17.0.

Recommendations:
Upgrade to MantisBT version 2.17.1 or later. Please see the references for more information.

Solution Type:
Vendor Patch

Detection Type:
Remote Banner Unreliable

Family:

Web application abuses

Creation Time:

2019-06-22 09:26:28

Modification Time:

2019-06-22 09:38:54

Find and Fix this Vulnerability:

Mageni can help you to find out if you have this or more vulnerabilities exposing you to hackers, ransomware and malware: Download Mageni's Free Edition

NVD CVE ID:
CVE-2018-16514
