Bug 919035 (CVE-2015-2046) - VUL-0: CVE-2015-2046 mantis: XSS in adm_config_report.php
Summary: VUL-0: CVE-2015-2046 mantis: XSS in adm_config_report.php
Status: RESOLVED FIXED
Alias: CVE-2015-2046
Product: openSUSE.org
Classification: openSUSE
Component: 3rd party software
Version: unspecified
Hardware: Other Other
Priority: P5 - None
Severity: Normal
Target Milestone: ---
Assignee: Andreas Stieger
QA Contact: E-mail List
URL: https://www.mantisbt.org/bugs/view.ph...
Whiteboard:
Keywords:
Depends on:
Blocks:
Reported: 2015-02-23 11:36 UTC by Andreas Stieger
Modified: 2015-02-23 11:47 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Andreas Stieger 2015-02-23 11:36:01 UTC
rh#1191130

It was reported [1] that the MantisBT Configuration Report (adm_config_report.php) did not properly sanitize the form variables used when saving a filter, allowing an attacker to embed JavaScript code which would be executed in the client's browser when displaying the page.

Affected versions:
- >= 1.2.13
- 1.3.0-beta.1

Fixed in versions:
- 1.2.20 (not yet released)
- 1.3.0-beta.2 (not yet released)

Patch:
See Github [1]

Further details will be available in MantisBT issue tracker [2] once this goes public.

[1] https://github.com/mantisbt/mantisbt/commit/6defeed5 (1.2.x)
    https://github.com/mantisbt/mantisbt/commit/3c6f6e56 (1.3.x)
[2] https://www.mantisbt.org/bugs/view.php?id=19301



Affects server:php:applications mantis.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1191130
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2046
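The pattern the report describes, as an added illustration that is not MantisBT's code and not the linked patch: a page that saves a filter by writing the submitted filter values back into hidden form fields. The field names, the attacker payload and the crude "did a script tag get injected" check are all constructed for this example; the hardened variant uses plain htmlspecialchars() for the attribute context, whereas what the project actually changed is in the two commits cited above.

```php
<?php
// Added example, not MantisBT code: reflecting filter values into a form.
// hidden_field_vulnerable() reproduces the bug class described in the report
// (raw interpolation into an HTML attribute); hidden_field_safe() escapes the
// value for that context. Field names and the payload are constructed.

// Constructed attacker-controlled filter value: closes the value attribute,
// injects a script element, then reopens an attribute so the trailing
// '" />' emitted by the template still yields well-formed markup.
const ATTACK = '"><script>alert(document.cookie)</script><input value="';

function hidden_field_vulnerable(string $name, string $value): string
{
    // BUG: $value is placed inside a double-quoted attribute unescaped, so a
    // double quote in it terminates the attribute and the rest is parsed as
    // markup when the browser renders the saved filter.
    return '<input type="hidden" name="' . $name . '" value="' . $value . '" />';
}

function hidden_field_safe(string $name, string $value): string
{
    // ENT_QUOTES escapes both " and ', so the value cannot leave a quoted
    // attribute; specifying UTF-8 avoids the encoding edge cases of the default.
    $escaped = htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="' . $name . '" value="' . $escaped . '" />';
}

// Constructed check, only to make the difference visible in the output:
// does the rendered fragment contain a script start tag?
function contains_injected_script(string $html): bool
{
    return (bool) preg_match('/<script\b/i', $html);
}

// Simulate the filter form being re-rendered from the submitted values.
$filter = [
    'filter_user_id'   => '0',
    'filter_config_id' => ATTACK,
];

foreach ($filter as $name => $value) {
    $vuln = hidden_field_vulnerable($name, $value);
    $safe = hidden_field_safe($name, $value);
    printf("%-17s unescaped: %s\n", $name, contains_injected_script($vuln) ? 'INJECTED' : 'ok');
    printf("%-17s escaped:   %s\n", $name, contains_injected_script($safe) ? 'INJECTED' : 'ok');
    echo "  " . $safe . "\n";
}
```

Run with `php` on the command line; the second filter field reports INJECTED for the unescaped variant and ok for the escaped one, and the printed escaped field shows the quotes and angle brackets turned into entities. The same escaping has to be applied to every value that is echoed back, including the field name if it is ever user-controlled.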
Comment 1 Andreas Stieger 2015-02-23 11:47:49 UTC
https://build.opensuse.org/request/show/287307