Vulnerabilities > CVE-2005-2557
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 | |
| OS | 13 | |
| OS | 1 |
Exploit-Db
| description | Mantis 0.x/1.0 Multiple Input Validation Vulnerabilities. CVE-2005-2557. Webapps exploit for php platform |
| id | EDB-ID:26172 |
| last seen | 2016-02-03 |
| modified | 2005-08-19 |
| published | 2005-08-19 |
| reporter | anonymous |
| source | https://www.exploit-db.com/download/26172/ |
| title | Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-778.NASL description Two security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2556 A remote attacker could supply a specially crafted URL to scan arbitrary ports on arbitrary hosts that may not be accessible otherwise. - CAN-2005-2557 A remote attacker was able to insert arbitrary HTML code in bug reports, hence, cross site scripting. - CAN-2005-3090 A remote attacker was able to insert arbitrary HTML code in bug reports, hence, cross site scripting. The old stable distribution (woody) does not seem to be affected by these problems. last seen 2020-06-01 modified 2020-06-02 plugin id 19475 published 2005-08-23 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19475 title Debian DSA-778-1 : mantis - missing input sanitising code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-778. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(19475); script_version("1.20"); script_cvs_date("Date: 2019/08/02 13:32:18"); script_cve_id("CVE-2005-2556", "CVE-2005-2557", "CVE-2005-3090", "CVE-2005-3091"); script_bugtraq_id(14604); script_xref(name:"DSA", value:"778"); script_name(english:"Debian DSA-778-1 : mantis - missing input sanitising"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Two security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2556 A remote attacker could supply a specially crafted URL to scan arbitrary ports on arbitrary hosts that may not be accessible otherwise. - CAN-2005-2557 A remote attacker was able to insert arbitrary HTML code in bug reports, hence, cross site scripting. - CAN-2005-3090 A remote attacker was able to insert arbitrary HTML code in bug reports, hence, cross site scripting. The old stable distribution (woody) does not seem to be affected by these problems." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2005/dsa-778" ); script_set_attribute( attribute:"solution", value: "Upgrade the mantis package. For the stable distribution (sarge) these problems have been fixed in version 0.19.2-4." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mantis"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2005/08/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/23"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"mantis", reference:"0.19.2-4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family CGI abuses NASL id MANTIS_MULTIPLE_VULNS4.NASL description According to its banner, the version of Mantis on the remote host fails to sanitize user-supplied input to the last seen 2020-06-01 modified 2020-06-02 plugin id 19473 published 2005-08-22 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19473 title Mantis < 1.0.0rc2 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200509-16.NASL description The remote host is affected by the vulnerability described in GLSA-200509-16 (Mantis: XSS and SQL injection vulnerabilities) Mantis fails to properly sanitize untrusted input before using it. This leads to a SQL injection and several cross-site scripting vulnerabilities. Impact : An attacker could possibly use the SQL injection vulnerability to access or modify information from the Mantis database. Furthermore the cross-site scripting issues give an attacker the ability to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim last seen 2020-06-01 modified 2020-06-02 plugin id 19815 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19815 title GLSA-200509-16 : Mantis: XSS and SQL injection vulnerabilities
References
- http://www.mantisbt.org/changelog.php
- http://www.debian.org/security/2005/dsa-778
- http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml
- http://www.securityfocus.com/bid/14604
- http://secunia.com/advisories/16506
- http://marc.info/?l=bugtraq&m=112786017426276&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21958