Page 6 of 42 results (0.006 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php. En el archivo view_all_bug_page.php en MantisBT versión 2.10.0-desarrollo antes del 02-02-2018, permite a los atacantes remotos detectar la path completa por medio de un parámetro filter no válido, relacionado con una llamada a la función filter_ensure_valid_filter en el archivo current_user_api.php. • http://www.securityfocus.com/bid/103065 https://github.com/mantisbt/mantisbt/commit/de686a9e6d8c909485b87ca09c8f912bf83082f2 https://mantisbt.org/bugs/view.php?id=23921 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to permalink_page.php. Una vulnerabilidad de tipo cross-site scripting (XSS) en MantisBT en versiones anteriores a la 1.2.19 y en versiones 1.3.x anteriores a la 1.3.0-beta.2 permite que atacantes remotos inyecten scripts web o HTML mediante el parámetro url a permalink_page.php. • http://www.openwall.com/lists/oss-security/2015/03/15/2 https://bugzilla.redhat.com/show_bug.cgi?id=1202885 https://github.com/mantisbt/mantisbt/commit/d95f070db852614fa18ccca6a4f12f4bffede1fd https://github.com/mantisbt/mantisbt/commit/e7e2b5503580e42db9d91e0d599d61d3ff03c27e https://www.mantisbt.org/bugs/view.php?id=17362#c40613 https://www.mantisbt.org/bugs/view.php?id=19493 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP. Se detectó una vulnerabilidad de tipo Cross-Site Scripting (XSS) en admin/install.php en MantisBT en versiones anteriores a la 1.3.12 y todas las 2.X anteriores a la 2.5.2. Algunas variables que están bajo el control de usuarios en el script de instalación de MantisBT no están sanitizadas correctamente antes de que se envíen, permitiendo a los atacantes remotos inyectar código JavaScript arbitrario, tal y como lo demuestran las variables $f_database, $f_db_username, y $f_admin_username. • http://openwall.com/lists/oss-security/2017/08/01/1 http://openwall.com/lists/oss-security/2017/08/01/2 http://www.securitytracker.com/id/1039030 https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0 https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5 https://mantisbt.org/bugs/view.php?id=23146 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 2

MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI. MantisBT antes de v1.3.11, 2.x antes de v2.3.3 y 2.4.x antes de v2.4.1 omite una verificación de barra invertida en string_api.php y, en consecuencia, tiene interpretaciones conflictivas de una subcadena inicial \/ como introducción de una ruta de acceso local o un host remoto, que conduce a (1) una inyección arbitraria de HTTP a través de ataques CSRF en un URI permalink_page.php?url= y (2) una redirección abierta a través de un URI login_page.php? • https://www.exploit-db.com/exploits/42043 http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt http://www.securitytracker.com/id/1038538 https://mantisbt.org/bugs/view.php?id=22702 https://mantisbt.org/bugs/view.php?id=22816 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 97%CPEs: 1EXPL: 4

MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. MantisBT hasta la versión 2.3.0 permite reinicio de contraseña arbitrario y acceso de administrador no autenticado a través de un valor confirm_hash vacío para verify.php Mantis Bug Tracker versions 1.3.0 and 2.3.0 suffer from a pre-authentication remote password reset vulnerability. • https://www.exploit-db.com/exploits/48818 https://www.exploit-db.com/exploits/41890 http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html http://www.openwall.com/lists/oss-security/2017/04/16/2 http://www.securityfocus.com/bid/97707 https://mantisbt.org/bugs/view.php?id=22690 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •