Vulnerabilities > CVE-2005-4238 - Cross-Site Scripting vulnerability in Mantis View_filters_page.PHP
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
Vulnerable Configurations
Exploit-Db
| description | Mantis 0.x/1.0 View_filters_page.PHP Cross-Site Scripting Vulnerability. CVE-2005-4238 . Webapps exploit for php platform |
| id | EDB-ID:26798 |
| last seen | 2016-02-03 |
| modified | 2005-12-13 |
| published | 2005-12-13 |
| reporter | r0t |
| source | https://www.exploit-db.com/download/26798/ |
| title | Mantis 0.x/1.0 View_filters_page.PHP Cross-Site Scripting Vulnerability |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_592815DA9EED11DAB410000E0C2E438A.NASL description r0t reports : Mantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to last seen 2020-06-01 modified 2020-06-02 plugin id 21430 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21430 title FreeBSD : mantis -- 'view_filters_page.php' XSS vulnerability (592815da-9eed-11da-b410-000e0c2e438a) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(21430); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:38"); script_cve_id("CVE-2005-4238"); script_name(english:"FreeBSD : mantis -- 'view_filters_page.php' XSS vulnerability (592815da-9eed-11da-b410-000e0c2e438a)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "r0t reports : Mantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to 'target_field' parameter in 'view_filters_page.php' is not properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity." ); # http://pridels.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?20d1a509" ); # https://vuxml.freebsd.org/freebsd/592815da-9eed-11da-b410-000e0c2e438a.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ca8aab9b" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mantis"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/13"); script_set_attribute(attribute:"patch_publication_date", value:"2006/02/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"mantis<1.0.0a4")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6E3B12E26CE311DAB90C000E0C2E438A.NASL description r0t reports : Mantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to last seen 2020-06-01 modified 2020-06-02 plugin id 21450 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21450 title FreeBSD : mantis -- 'view_filters_page.php' XSS vulnerability (6e3b12e2-6ce3-11da-b90c-000e0c2e438a) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(21450); script_version("1.23"); script_cvs_date("Date: 2019/08/02 13:32:37"); script_cve_id("CVE-2005-4238"); script_bugtraq_id(15842); script_name(english:"FreeBSD : mantis -- 'view_filters_page.php' XSS vulnerability (6e3b12e2-6ce3-11da-b90c-000e0c2e438a)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "r0t reports : Mantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to 'target_field' parameter in 'view_filters_page.php' isn't properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity." ); # http://pridels.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?20d1a509" ); # https://vuxml.freebsd.org/freebsd/6e3b12e2-6ce3-11da-b90c-000e0c2e438a.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?821b062a" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mantis"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/13"); script_set_attribute(attribute:"patch_publication_date", value:"2005/12/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"mantis<1.0.0rc4")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-944.NASL description Several security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4238 Missing input sanitising allows remote attackers to inject arbitrary web script or HTML. - CVE-2005-4518 Tobias Klein discovered that Mantis allows remote attackers to bypass the file upload size restriction. - CVE-2005-4519 Tobias Klein discovered several SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. - CVE-2005-4520 Tobias Klein discovered unspecified last seen 2020-06-01 modified 2020-06-02 plugin id 22810 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22810 title Debian DSA-944-1 : mantis - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-944. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22810); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:20"); script_cve_id("CVE-2005-4238", "CVE-2005-4518", "CVE-2005-4519", "CVE-2005-4520", "CVE-2005-4521", "CVE-2005-4522", "CVE-2005-4523", "CVE-2005-4524"); script_bugtraq_id(15842, 16046); script_xref(name:"DSA", value:"944"); script_name(english:"Debian DSA-944-1 : mantis - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4238 Missing input sanitising allows remote attackers to inject arbitrary web script or HTML. - CVE-2005-4518 Tobias Klein discovered that Mantis allows remote attackers to bypass the file upload size restriction. - CVE-2005-4519 Tobias Klein discovered several SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. - CVE-2005-4520 Tobias Klein discovered unspecified 'port injection' vulnerabilities in filters. - CVE-2005-4521 Tobias Klein discovered a CRLF injection vulnerability that allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks. - CVE-2005-4522 Tobias Klein discovered several cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. - CVE-2005-4523 Tobias Klein discovered that Mantis discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information. - CVE-2005-4524 Tobias Klein discovered that Mantis does not properly handle 'Make note private' when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak. The old stable distribution (woody) does not seem to be affected by these problems." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345288" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-4238" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-4518" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-4519" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-4520" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-4521" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-4522" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-4523" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-4524" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-944" ); script_set_attribute( attribute:"solution", value: "Upgrade the mantis package. For the stable distribution (sarge) these problems have been fixed in version 0.19.2-5sarge1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mantis"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/01/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"mantis", reference:"0.19.2-5sarge1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");