PHP Self Cross Site Scripting in MantisBT 1.2.x
MantisBT installations 1.2.x up to 1.2.7 are vulnerable to Cross Site Scripting attacks due to a lack of sanitization of the variable $_SERVER["PHP_SELF"].
CVSS Score
Severity
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Advisory
| Application | MantisBT |
| Affected Versions | 1.2.2 through 1.2.7 |
| Fixed In | 1.2.8 |
| CVE | CVE-2011-3356 |
| Websec Advisory | WS11-16 |
Background
MantisBT is a web-based bug tracker written in PHP. It runs on Windows, Linux, macOS, and other platforms and supports MySQL, MS SQL, and PostgreSQL.
Description
The PHP variable $_SERVER["PHP_SELF"] is written into HTML output without sanitization across several files. An attacker who can convince a victim to click a crafted MantisBT URL can inject script into the response, leading to stored or reflected XSS depending on the entry point.
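The pattern described above, shown next to two hardened forms. This is an added example, not MantisBT source code; the function names and the sample request values are hypothetical and constructed for illustration.

```php
<?php
// Added example, not MantisBT code. All function names are hypothetical.

// Vulnerable pattern: PHP_SELF contains the script name plus any extra path
// the client appended after it, so writing it raw puts request data in HTML.
function form_action_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened: encode for the HTML attribute context at the point of output.
function form_action_escaped(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// Alternative: SCRIPT_NAME omits the trailing path info. Encode it anyway so
// the output stays safe if the value's source ever changes.
function form_action_script_name(array $server): string
{
    $self = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// Constructed sample: the values PHP would set for a request whose path
// continues past the script name with markup characters in it.
$server = [
    'SCRIPT_NAME' => '/view.php',
    'PHP_SELF'    => '/view.php/"><i>constructed</i>',
];

$variants = ['form_action_unsafe', 'form_action_escaped', 'form_action_script_name'];
foreach ($variants as $fn) {
    // The unsafe variant lets the quote and angle brackets close the attribute
    // and open a new element; the other two emit them as inert entities.
    echo str_pad($fn, 26), $fn($server), PHP_EOL;
}
```

When auditing a code base for this class of bug, search for every output of `$_SERVER['PHP_SELF']` and confirm each one passes through an encoding function appropriate to its output context.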
Remediation
Upgrade MantisBT to 1.2.8 or later.