Vulnerabilities > CVE-2006-0841 - Input Validation vulnerability in Mantis

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
mantis
nessus
exploit available
NVD
Published: 2006-02-22
Updated: 2018-10-18

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.

Vulnerable Configurations

Part Description Count
Application
Mantis
61

Exploit-Db

  • descriptionMantis 0.x/1.0 view_all_set.php Multiple Parameter XSS. CVE-2006-0841. Webapps exploit for php platform
    idEDB-ID:27228
    last seen2016-02-03
    modified2006-02-15
    published2006-02-15
    reporterThomas Waldegger
    sourcehttps://www.exploit-db.com/download/27228/
    titleMantis 0.x/1.0 view_all_set.php Multiple Parameter XSS
  • descriptionMantis 0.x/1.0 manage_user_page.php sort Parameter XSS. CVE-2006-0841 . Webapps exploit for php platform
    idEDB-ID:27229
    last seen2016-02-03
    modified2006-02-15
    published2006-02-15
    reporterThomas Waldegger
    sourcehttps://www.exploit-db.com/download/27229/
    titleMantis 0.x/1.0 manage_user_page.php sort Parameter XSS

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-1133.NASL
descriptionSeveral remote vulnerabilities have been discovered in the Mantis bug tracking system, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0664 A cross-site scripting vulnerability was discovered in config_defaults_inc.php. - CVE-2006-0665 Cross-site scripting vulnerabilities were discovered in query_store.php and manage_proj_create.php. - CVE-2006-0841 Multiple cross-site scripting vulnerabilities were discovered in view_all_set.php, manage_user_page.php, view_filters_page.php and proj_doc_delete.php. - CVE-2006-1577 Multiple cross-site scripting vulnerabilities were discovered in view_all_set.php.
last seen2020-06-01
modified2020-06-02
plugin id22675
published2006-10-14
reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/22675
titleDebian DSA-1133-1 : mantis - missing input sanitising
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1133. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(22675);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:19");

  script_cve_id("CVE-2006-0664", "CVE-2006-0665", "CVE-2006-0841", "CVE-2006-1577");
  script_xref(name:"DSA", value:"1133");

  script_name(english:"Debian DSA-1133-1 : mantis - missing input sanitising");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several remote vulnerabilities have been discovered in the Mantis bug
tracking system, which may lead to the execution of arbitrary web
script. The Common Vulnerabilities and Exposures project identifies
the following problems :

  - CVE-2006-0664
    A cross-site scripting vulnerability was discovered in
    config_defaults_inc.php.

  - CVE-2006-0665
    Cross-site scripting vulnerabilities were discovered in
    query_store.php and manage_proj_create.php.

  - CVE-2006-0841
    Multiple cross-site scripting vulnerabilities were
    discovered in view_all_set.php, manage_user_page.php,
    view_filters_page.php and proj_doc_delete.php.

  - CVE-2006-1577
    Multiple cross-site scripting vulnerabilities were
    discovered in view_all_set.php."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378353"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-0664"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-0665"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-0841"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-1577"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1133"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the mantis package.

For the stable distribution (sarge) these problems have been fixed in
version 0.19.2-5sarge4.1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mantis");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/08/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.1", prefix:"mantis", reference:"0.19.2-5sarge4.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

References