mantis

• Author: Miklos Vajna
• Vulnerable: 1.1.8-1
• Unaffected: 1.2.2-1locris1

A vulnerability has been discovered in Mantis, which can be exploited by malicious users to conduct script insertion attacks. Input passed in uploaded attachments is not properly verified before being used. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site when a malicious file with e.g. a “gif” extension is viewed with the Microsoft Internet Explorer browser. Successful exploitation requires permissions to upload attachments.

• Bug Tracker URL: http://bugs.frugalware.org/task/4279

CVEs:

• No CVE, see http://www.mantisbt.org/blog/?p=113