Vulnerabilities > CVE-2004-1730 - Unspecified vulnerability in Mantis

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

mantis

nessus

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.

Vulnerable Configurations

Part	Description	Count
Application	Mantis Mantis Mantis 0.10.2 Mantis Mantis 0.10 Mantis Mantis 0.14.7 Mantis Mantis 0.15.12 Mantis Mantis 0.18.0A2 Mantis Mantis 0.18.0A4 Mantis Mantis 0.15.3 Mantis Mantis 0.18 Mantis Mantis 0.15.9 Mantis Mantis 0.14.2 Mantis Mantis 0.9.1 Mantis Mantis 0.13 Mantis Mantis 0.10.1 Mantis Mantis 0.17.0 Mantis Mantis 0.15.10 Mantis Mantis 0.16.1 Mantis Mantis 0.15.2 Mantis Mantis 0.15.4 Mantis Mantis 0.15.11 Mantis Mantis 0.11 Mantis Mantis 0.17.4A Mantis Mantis 0.14.5 Mantis Mantis 0.18.0A3 Mantis Mantis 0.17.2 Mantis Mantis 0.14.3 Mantis Mantis 0.15.7 Mantis Mantis 0.17.3 Mantis Mantis 0.17.1 Mantis Mantis 0.19.0A Mantis Mantis 0.16 Mantis Mantis 0.18.0_Rc1 Mantis Mantis 0.14.6 Mantis Mantis 0.14.4 Mantis Mantis 0.11.1 Mantis Mantis 0.15.5 Mantis Mantis 0.12 Mantis Mantis 0.15.1 Mantis Mantis 0.14.8 Mantis Mantis 0.17.5 Mantis Mantis 0.16.0 Mantis Mantis 0.18A1 Mantis Mantis 0.13.1 Mantis Mantis 0.15.8 Mantis Mantis 0.17.4 Mantis Mantis 0.14.1 Mantis Mantis 0.15.6 Mantis Mantis 0.17 Mantis Mantis 0.14 Mantis Mantis 0.15 Mantis Mantis 0.9	50

Nessus

NASL family	CGI abuses
NASL id	MANTIS_MULTIPLE_VULNS2.NASL
description	According to its banner, the remote version of Mantis contains multiple flaws that may allow an attacker to use it to perform a mass emailing, to inject HTML tags in the remote pages, or to execute arbitrary commands on the remote host if PHP
last seen	2020-06-01
modified	2020-06-02
plugin id	14324
published	2004-08-22
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14324
title	Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(14324); script_version("1.24"); script_cvs_date("Date: 2018/11/15 20:50:17"); script_cve_id("CVE-2004-1730", "CVE-2004-1731", "CVE-2004-1734"); script_bugtraq_id(10993, 10994, 10995); script_name(english:"Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities"); script_summary(english:"Checks for the version of Mantis"); script_set_attribute(attribute:"synopsis", value: "The remote web server contains a PHP application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the remote version of Mantis contains multiple flaws that may allow an attacker to use it to perform a mass emailing, to inject HTML tags in the remote pages, or to execute arbitrary commands on the remote host if PHP's 'register_globals' setting is enabled."); script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=109312225727345&w=2"); script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=109313416727851&w=2"); script_set_attribute(attribute:"solution", value:"Upgrade to Mantis 0.18.3 or 0.19.0a2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:W/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/22"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/20"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mantisbt:mantisbt"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_family(english:"CGI abuses"); script_dependencie("mantis_detect.nasl"); script_require_keys("installed_sw/MantisBT", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("install_func.inc"); port = get_http_port(default:80, php:TRUE); app_name = "MantisBT"; install = get_single_install(app_name: app_name, port: port, exit_if_unknown_ver:TRUE); install_url = build_url(port:port, qs:install['path']); version = install['version']; if (report_paranoia < 2) audit(AUDIT_PARANOID); if(ereg(pattern:"^0\.([0-9]\.\|1[0-7]\.\|18\.[0-2][^0-9]\|19\.0 *a[01]([^0-9]\|$))", string:version)) { if (report_verbosity > 0) { report = '\n URL : ' +install_url+ '\n Installed version : ' +version+ '\n Fixed version : 0.18.3 or 0.19.0a2\n'; security_warning(port:port, extra:report); } else security_warning(port); } else audit(AUDIT_WEB_APP_NOT_AFFECTED, app_name, install_url, version);

Summary

Vulnerable Configurations

Nessus

References