mantis
Page content
- Author: voroskoi
- Vulnerable: 1.0.8-1
- Unaffected: 1.0.8-2sayshell1
seiji has discovered a vulnerability in Mantis, which can be exploited by malicious users to conduct script insertion attacks. Input passed as the filename for the uploaded file in bug_report.php is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user’s browser session in context of an affected site when the malicious filename is viewed in view.php. Successful exploitation requires valid user credentials.
- Bug Tracker URL: http://bugs.frugalware.org/task/2683