Mantis: XSS and SQL injection vulnerabilities — GLSA 200509-16

Mantis is affected by an SQL injection and several cross-site scripting (XSS) vulnerabilities.

Affected Packages

www-apps/mantisbt on all architectures
Affected versions < 0.19.2
Unaffected versions >= 0.19.2

Background

Mantis is a web-based bugtracking system written in PHP.

Description

Mantis fails to properly sanitize untrusted input before using it. This leads to an SQL injection and several cross-site scripting vulnerabilities.

Impact

An attacker could possibly use the SQL injection vulnerability to access or modify information from the Mantis database. Furthermore the cross-site scripting issues give an attacker the ability to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim's browser.

Workaround

There is no known workaround at this time.

Resolution

All Mantis users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-0.19.2"

References

Release Date
September 24, 2005

Latest Revision
September 24, 2005: 01

Severity
normal

Exploitable
remote

Bugzilla entries