PHP Self Cross Site Scripting in MantisBT 1.2.x
Summary
MantisBT installations 1.2.x up to 1.2.7 are vulnerable to Cross Site Scripting attacks due to lack of sanitization of the variable $_SERVER["PHP_SELF"].
Description
Affected versions: 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2 and possibly others.
Solution: Upgrade to 1.2.8
Websec-id: ws11-16
CVE: CVE-2011-3356
MantisBT
MantisBT is a free popular web-based bugtracking system (feature list). It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a webserver. MantisBT has been installed on Windows, Linux, Mac OS, OS/2, and others. Almost any web browser should be able to function as a client. It is released under the terms of the GNU General Public License (GPL).
Details
The variable $_SERVER["PHP_SELF"] is not sanitized before being used, causing multiple Cross Site Scripting vulnerabilities in several files.
POC
http://host/plugin.php/333%22%20onerror=%22alert%28document.cookie%29%22%20/%3E?page=ManTweet/index.php
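The pattern behind this class of issue and its fix, as an added example that is not MantisBT's code or part of the original advisory. The function names and the `<img>` output context are assumptions, and the `$_SERVER` values are constructed to mirror the POC request above.

```php
<?php
// Added illustration, not MantisBT source. Function names are hypothetical.

// PHP_SELF is the script path plus any trailing PATH_INFO, so everything
// after "plugin.php" in the URL is chosen by whoever built the link.
function self_link_vulnerable(array $server): string
{
    // Raw value is placed inside a double-quoted HTML attribute.
    return '<img src="' . $server['PHP_SELF'] . '" />';
}

// Preferred fix: SCRIPT_NAME normally omits PATH_INFO. Escaping is kept
// as well, in case the server configuration populates it differently.
function self_link_hardened(array $server): string
{
    $self = $server['SCRIPT_NAME'] ?? '';
    return '<img src="' . htmlspecialchars($self, ENT_QUOTES, 'UTF-8') . '" />';
}

// If PHP_SELF has to be kept, escape it for the attribute context.
function self_link_escaped(array $server): string
{
    $self = $server['PHP_SELF'] ?? '';
    return '<img src="' . htmlspecialchars($self, ENT_QUOTES, 'UTF-8') . '" />';
}

// Constructed $_SERVER values for the POC request, as the server would
// present them after URL-decoding the path.
$server = [
    'SCRIPT_NAME' => '/plugin.php',
    'PHP_SELF'    => '/plugin.php/333" onerror="alert(document.cookie)" />',
];

// Vulnerable: the quote in PATH_INFO closes src early and the rest is parsed as markup.
echo self_link_vulnerable($server), PHP_EOL;

// Hardened: only the script path is emitted.
echo self_link_hardened($server), PHP_EOL;

// Escaped: quotes and angle brackets are emitted as HTML entities and stay inside src.
echo self_link_escaped($server), PHP_EOL;
```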

