Vulnerabilities > CVE-2006-0664 - Cross-Site Scripting vulnerability in Mantis Config_Defaults_Inc.PHP

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

mantis

nessus

NVD

Published: 2006-02-13

Updated: 2017-07-20

Summary

Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.

Vulnerable Configurations

Part	Description	Count
Application	Mantis Mantis Mantis 0.17.1 Mantis Mantis 0.17.2 Mantis Mantis 0.17.3 Mantis Mantis 0.17.4 Mantis Mantis 0.17.4A Mantis Mantis 0.17.5 Mantis Mantis 0.18 Mantis Mantis 0.18.0_Rc1 Mantis Mantis 0.18.0A2 Mantis Mantis 0.18.0A3 Mantis Mantis 0.18.0A4 Mantis Mantis 0.18.2 Mantis Mantis 0.18.3 Mantis Mantis 0.18A1 Mantis Mantis 0.19.0 Mantis Mantis 0.19.0_Rc1 Mantis Mantis 0.19.0A Mantis Mantis 0.19.0A1 Mantis Mantis 0.19.0A2 Mantis Mantis 0.19.1 Mantis Mantis 0.19.2 Mantis Mantis 0.19.3 Mantis Mantis 0.19.4 Mantis Mantis 1.0.0_Rc1 Mantis Mantis 1.0.0_Rc2 Mantis Mantis 1.0.0_Rc3 Mantis Mantis 1.0.0_Rc4 Mantis Mantis 1.0.0A1 Mantis Mantis 1.0.0A2 Mantis Mantis 1.0.0A3	30

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1133.NASL
description	Several remote vulnerabilities have been discovered in the Mantis bug tracking system, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0664 A cross-site scripting vulnerability was discovered in config_defaults_inc.php. - CVE-2006-0665 Cross-site scripting vulnerabilities were discovered in query_store.php and manage_proj_create.php. - CVE-2006-0841 Multiple cross-site scripting vulnerabilities were discovered in view_all_set.php, manage_user_page.php, view_filters_page.php and proj_doc_delete.php. - CVE-2006-1577 Multiple cross-site scripting vulnerabilities were discovered in view_all_set.php.
last seen	2020-06-01
modified	2020-06-02
plugin id	22675
published	2006-10-14
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/22675
title	Debian DSA-1133-1 : mantis - missing input sanitising
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1133. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22675); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2006-0664", "CVE-2006-0665", "CVE-2006-0841", "CVE-2006-1577"); script_xref(name:"DSA", value:"1133"); script_name(english:"Debian DSA-1133-1 : mantis - missing input sanitising"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several remote vulnerabilities have been discovered in the Mantis bug tracking system, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0664 A cross-site scripting vulnerability was discovered in config_defaults_inc.php. - CVE-2006-0665 Cross-site scripting vulnerabilities were discovered in query_store.php and manage_proj_create.php. - CVE-2006-0841 Multiple cross-site scripting vulnerabilities were discovered in view_all_set.php, manage_user_page.php, view_filters_page.php and proj_doc_delete.php. - CVE-2006-1577 Multiple cross-site scripting vulnerabilities were discovered in view_all_set.php." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361138" ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378353" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-0664" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-0665" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-0841" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-1577" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1133" ); script_set_attribute( attribute:"solution", value: "Upgrade the mantis package. For the stable distribution (sarge) these problems have been fixed in version 0.19.2-5sarge4.1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mantis"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"mantis", reference:"0.19.2-5sarge4.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Summary

Vulnerable Configurations

Nessus

References