MantisBT 1.2.x < 1.2.13 Multiple Vulnerabilities

medium Nessus Plugin ID 64560

Synopsis

The remote web server contains a PHP application that is affected by multiple vulnerabilities.

Description

According to its version number, the MantisBT install hosted on the remote web server is affected by multiple vulnerabilities:

- Version 1.2.12 of the application is affected by a cross-site scripting (XSS) vulnerability because the 'search.php' script fails to properly sanitize user-supplied input to the 'match_type' parameter. An attacker may be able to leverage this to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site. (CVE-2013-0197)

- Version 1.2.12 of the application is affected by a cross-site scripting (XSS) vulnerability because the application fails to properly sanitize user-supplied input. A user with manager or administrator privileges can create a category or project name containing JavaScript code. This code would then be executed within the browser of any user who visits the 'summary.php' script.

- The application is affected by a workflow-related flaw: a user with 'Reporter' permissions can modify the status of any issue to 'New' even if the user does not have sufficient privileges to make the change.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to version 1.2.13 or later.

See Also

http://www.nessus.org/u?007c024a

https://mantisbt.org/bugs/changelog_page.php?version_id=180

Plugin Details

Severity: Medium

ID: 64560

File Name: mantis_1_2_13.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 2/11/2013

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:mantisbt:mantisbt

Required KB Items: installed_sw/MantisBT, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 1/18/2013

Vulnerability Publication Date: 1/15/2013

Reference Information

CVE: CVE-2013-0197, CVE-2013-1810, CVE-2013-1811

BID: 57456, 57468, 57470

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990