Several remote vulnerabilities have been discovered in the Mantis bug
tracking system, which may lead to the execution of arbitrary web script.
The Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2006-0664
A cross-site scripting vulnerability was discovered in
config_defaults_inc.php.
CVE-2006-0665
Cross-site scripting vulnerabilities were discovered in query_store.php
and manage_proj_create.php.
CVE-2006-0841
Multiple cross-site scripting vulnerabilities were discovered in
view_all_set.php, manage_user_page.php, view_filters_page.php and
proj_doc_delete.php.
CVE-2006-1577
Multiple cross-site scripting vulnerabilities were discovered in
view_all_set.php.
For the stable distribution (sarge) these problems have been fixed in
version 0.19.2-5sarge4.1.
For the unstable distribution (sid) these problems have been fixed in
version 0.19.4-3.1.
We recommend that you upgrade your mantis package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
These files will probably be moved into the stable distribution on
its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
{"id": "DEBIAN:DSA-1133-1:50251", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 1133-1] New mantis packages fix execution of arbitrary web script code", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1133-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nAugust 1st, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : mantis\nVulnerability : missing input sanitising\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2006-0664 CVE-2006-0665 CVE-2006-0841 CVE-2006-1577\nDebian Bug : 361138 378353\n\nSeveral remote vulnerabilities have been discovered in the Mantis bug\ntracking system, which may lead to the execution of arbitrary web script.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2006-0664\n\n A cross-site scripting vulnerability was discovered in\n config_defaults_inc.php.\n\nCVE-2006-0665\n\n Cross-site scripting vulnerabilities were discovered in query_store.php\n and manage_proj_create.php.\n\nCVE-2006-0841\n\n Multiple cross-site scripting vulnerabilities were discovered in\n view_all_set.php, manage_user_page.php, view_filters_page.php and\n proj_doc_delete.php.\n\nCVE-2006-1577\n\n Multiple cross-site scripting vulnerabilities were discovered in\n view_all_set.php.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.19.2-5sarge4.1.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.19.4-3.1.\n\nWe recommend that you upgrade your mantis package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-5sarge4.1.dsc\n Size/MD5 checksum: 586 186850cfa7493513907212591d8c550b\n http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-5sarge4.1.diff.gz\n Size/MD5 checksum: 42068 74a6598eff0b5f741df8c768c060edc4\n http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2.orig.tar.gz\n Size/MD5 checksum: 1298615 042c42c6de3bc536181391c1e9b25db3\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-5sarge4.1_all.deb\n Size/MD5 checksum: 897142 6a94215892b6efedd61e042973060022\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "published": "2006-08-01T00:00:00", "modified": "2006-08-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00222.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2006-0841", "CVE-2006-0665", "CVE-2006-0664", "CVE-2006-1577"], "type": "debian", "lastseen": "2019-05-30T02:21:31", "edition": 2, "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-0665", "CVE-2006-0664", "CVE-2006-1577", "CVE-2006-0841"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1133.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:57202"]}, {"type": "osvdb", "idList": ["OSVDB:24292", "OSVDB:23082", "OSVDB:23081", "OSVDB:23248", "OSVDB:23080", "OSVDB:22487"]}, {"type": "exploitdb", "idList": ["EDB-ID:27228", "EDB-ID:27229"]}], "modified": "2019-05-30T02:21:31", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2019-05-30T02:21:31", "rev": 2}, "vulnersScore": 6.9}, "affectedPackage": [{"OS": "Debian", "OSVersion": "3.1", "arch": "all", "operator": "lt", "packageFilename": "mantis_0.19.2-5sarge4.1_all.deb", "packageName": "mantis", "packageVersion": "0.19.2-5sarge4.1"}], "scheme": null, "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:27:18", "description": "Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.", "edition": 4, "cvss3": {}, "published": "2006-02-13T11:06:00", "title": "CVE-2006-0664", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0664"], "modified": "2017-07-20T01:29:00", "cpe": ["cpe:/a:mantis:mantis:0.18.0a4", "cpe:/a:mantis:mantis:0.19.2", "cpe:/a:mantis:mantis:0.17.5", "cpe:/a:mantis:mantis:0.18.0a2", "cpe:/a:mantis:mantis:0.17.2", "cpe:/a:mantis:mantis:0.19.0_rc1", "cpe:/a:mantis:mantis:0.17.4a", "cpe:/a:mantis:mantis:0.18.0a3", "cpe:/a:mantis:mantis:0.18a1", "cpe:/a:mantis:mantis:1.0.0_rc4", "cpe:/a:mantis:mantis:0.17.4", "cpe:/a:mantis:mantis:1.0.0_rc1", "cpe:/a:mantis:mantis:0.19.0a1", "cpe:/a:mantis:mantis:0.19.0", "cpe:/a:mantis:mantis:0.19.1", "cpe:/a:mantis:mantis:0.17.1", "cpe:/a:mantis:mantis:1.0.0_rc3", "cpe:/a:mantis:mantis:0.19.4", "cpe:/a:mantis:mantis:0.18.3", "cpe:/a:mantis:mantis:0.19.3", "cpe:/a:mantis:mantis:0.17.3", "cpe:/a:mantis:mantis:0.18", "cpe:/a:mantis:mantis:1.0.0a2", "cpe:/a:mantis:mantis:1.0.0_rc2", "cpe:/a:mantis:mantis:0.19.0a2", "cpe:/a:mantis:mantis:0.18.2", "cpe:/a:mantis:mantis:1.0.0a1", "cpe:/a:mantis:mantis:0.19.0a", "cpe:/a:mantis:mantis:1.0.0a3", "cpe:/a:mantis:mantis:0.18.0_rc1"], "id": "CVE-2006-0664", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0664", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:27:18", "description": "Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.", "edition": 4, "cvss3": {}, "published": "2006-02-13T11:06:00", "title": "CVE-2006-0665", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0665"], "modified": "2011-03-08T02:30:00", "cpe": ["cpe:/a:mantis:mantis:0.18.0a4", "cpe:/a:mantis:mantis:0.19.2", "cpe:/a:mantis:mantis:0.17.5", "cpe:/a:mantis:mantis:0.18.0a2", "cpe:/a:mantis:mantis:0.17.2", "cpe:/a:mantis:mantis:0.19.0_rc1", "cpe:/a:mantis:mantis:0.17.4a", "cpe:/a:mantis:mantis:0.18.0a3", "cpe:/a:mantis:mantis:0.18a1", "cpe:/a:mantis:mantis:1.0.0_rc4", "cpe:/a:mantis:mantis:0.17.4", "cpe:/a:mantis:mantis:1.0.0_rc1", "cpe:/a:mantis:mantis:0.19.0a1", "cpe:/a:mantis:mantis:0.19.0", "cpe:/a:mantis:mantis:0.19.1", "cpe:/a:mantis:mantis:0.17.1", "cpe:/a:mantis:mantis:1.0.0_rc3", "cpe:/a:mantis:mantis:0.19.4", "cpe:/a:mantis:mantis:0.18.3", "cpe:/a:mantis:mantis:0.19.3", "cpe:/a:mantis:mantis:0.17.3", "cpe:/a:mantis:mantis:0.18", "cpe:/a:mantis:mantis:1.0.0a2", "cpe:/a:mantis:mantis:1.0.0_rc2", "cpe:/a:mantis:mantis:0.19.0a2", "cpe:/a:mantis:mantis:0.18.2", "cpe:/a:mantis:mantis:1.0.0a1", "cpe:/a:mantis:mantis:0.19.0a", "cpe:/a:mantis:mantis:1.0.0a3", "cpe:/a:mantis:mantis:0.18.0_rc1"], "id": "CVE-2006-0665", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0665", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:27:19", "description": "Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.", "edition": 4, "cvss3": {}, "published": "2006-04-02T21:04:00", "title": "CVE-2006-1577", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-1577"], "modified": "2017-07-20T01:30:00", "cpe": ["cpe:/a:mantis:mantis:1.0", "cpe:/a:mantis:mantis:1.0.0_rc4", "cpe:/a:mantis:mantis:1.0.0_rc1", "cpe:/a:mantis:mantis:1.0.0_rc3", "cpe:/a:mantis:mantis:1.0.1", "cpe:/a:mantis:mantis:1.0.0a2", "cpe:/a:mantis:mantis:1.0.0_rc2", "cpe:/a:mantis:mantis:1.0.0a1", "cpe:/a:mantis:mantis:1.0.0a3"], "id": "CVE-2006-1577", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1577", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:27:18", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.", "edition": 4, "cvss3": {}, "published": "2006-02-22T02:02:00", "title": "CVE-2006-0841", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0841"], "modified": "2018-10-18T16:29:00", "cpe": ["cpe:/a:mantis:mantis:0.15.1", "cpe:/a:mantis:mantis:0.18.0a4", "cpe:/a:mantis:mantis:0.14.8", "cpe:/a:mantis:mantis:0.10", "cpe:/a:mantis:mantis:0.14", "cpe:/a:mantis:mantis:0.19.2", "cpe:/a:mantis:mantis:0.11.1", "cpe:/a:mantis:mantis:0.16.0", "cpe:/a:mantis:mantis:0.12", "cpe:/a:mantis:mantis:0.18.0a1", "cpe:/a:mantis:mantis:0.18.0a2", "cpe:/a:mantis:mantis:0.11", "cpe:/a:mantis:mantis:0.15.0", "cpe:/a:mantis:mantis:0.13.0", "cpe:/a:mantis:mantis:0.19.0_rc1", "cpe:/a:mantis:mantis:0.9", "cpe:/a:mantis:mantis:0.14.7", "cpe:/a:mantis:mantis:0.12.0", "cpe:/a:mantis:mantis:0.17.4a", "cpe:/a:mantis:mantis:0.10.0", "cpe:/a:mantis:mantis:0.14.3", "cpe:/a:mantis:mantis:0.17", "cpe:/a:mantis:mantis:0.14.4", "cpe:/a:mantis:mantis:0.18.0a3", "cpe:/a:mantis:mantis:0.16", "cpe:/a:mantis:mantis:0.18a1", "cpe:/a:mantis:mantis:1.0.0_rc4", "cpe:/a:mantis:mantis:1.0.0_rc1", "cpe:/a:mantis:mantis:0.18.1", "cpe:/a:mantis:mantis:0.10.1", "cpe:/a:mantis:mantis:0.14.2", "cpe:/a:mantis:mantis:0.14.1", "cpe:/a:mantis:mantis:0.9.0", "cpe:/a:mantis:mantis:0.19.0a1", "cpe:/a:mantis:mantis:0.15.2", "cpe:/a:mantis:mantis:0.19.0", "cpe:/a:mantis:mantis:0.18.0", "cpe:/a:mantis:mantis:0.19.1", "cpe:/a:mantis:mantis:0.14.6", "cpe:/a:mantis:mantis:0.9.1", "cpe:/a:mantis:mantis:0.14.5", "cpe:/a:mantis:mantis:0.17.0", "cpe:/a:mantis:mantis:0.13.1", "cpe:/a:mantis:mantis:0.15", "cpe:/a:mantis:mantis:1.0.0_rc3", "cpe:/a:mantis:mantis:0.19.4", "cpe:/a:mantis:mantis:0.18.3", "cpe:/a:mantis:mantis:0.19.3", "cpe:/a:mantis:mantis:0.11.0", "cpe:/a:mantis:mantis:0.18", "cpe:/a:mantis:mantis:0.10.2", "cpe:/a:mantis:mantis:1.0.0a2", "cpe:/a:mantis:mantis:1.0.0_rc2", "cpe:/a:mantis:mantis:0.19.0a2", "cpe:/a:mantis:mantis:0.18.2", "cpe:/a:mantis:mantis:1.0.0a1", "cpe:/a:mantis:mantis:0.19.0a", "cpe:/a:mantis:mantis:1.0.0a3", "cpe:/a:mantis:mantis:0.13", "cpe:/a:mantis:mantis:0.14.0", "cpe:/a:mantis:mantis:0.18.0_rc1"], "id": "CVE-2006-0841", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0841", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:49:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-0841", "CVE-2006-0665", "CVE-2006-0664", "CVE-2006-1577"], "description": "The remote host is missing an update to mantis\nannounced via advisory DSA 1133-1.\n\nSeveral remote vulnerabilities have been discovered in the Mantis bug\ntracking system, which may lead to the execution of arbitrary web script.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2006-0664\n\nA cross-site scripting vulnerability was discovered in\nconfig_defaults_inc.php.\n\nCVE-2006-0665\n\nCross-site scripting vulnerabilities were discovered in query_store.php\nand manage_proj_create.php.\n\nCVE-2006-0841\n\nMultiple cross-site scripting vulnerabilities were discovered in\nview_all_set.php, manage_user_page.php, view_filters_page.php and\nproj_doc_delete.php.\n\nCVE-2006-1577\n\nMultiple cross-site scripting vulnerabilities were discovered in\nview_all_set.php.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:57202", "href": "http://plugins.openvas.org/nasl.php?oid=57202", "type": "openvas", "title": "Debian Security Advisory DSA 1133-1 (mantis)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1133_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1133-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.19.2-5sarge4.1.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.19.4-3.1.\n\nWe recommend that you upgrade your mantis package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201133-1\";\ntag_summary = \"The remote host is missing an update to mantis\nannounced via advisory DSA 1133-1.\n\nSeveral remote vulnerabilities have been discovered in the Mantis bug\ntracking system, which may lead to the execution of arbitrary web script.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2006-0664\n\nA cross-site scripting vulnerability was discovered in\nconfig_defaults_inc.php.\n\nCVE-2006-0665\n\nCross-site scripting vulnerabilities were discovered in query_store.php\nand manage_proj_create.php.\n\nCVE-2006-0841\n\nMultiple cross-site scripting vulnerabilities were discovered in\nview_all_set.php, manage_user_page.php, view_filters_page.php and\nproj_doc_delete.php.\n\nCVE-2006-1577\n\nMultiple cross-site scripting vulnerabilities were discovered in\nview_all_set.php.\";\n\n\nif(description)\n{\n script_id(57202);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-0664\", \"CVE-2006-0665\", \"CVE-2006-0841\", \"CVE-2006-1577\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1133-1 (mantis)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mantis\", ver:\"0.19.2-5sarge4.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-06T09:44:40", "description": "Several remote vulnerabilities have been discovered in the Mantis bug\ntracking system, which may lead to the execution of arbitrary web\nscript. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2006-0664\n A cross-site scripting vulnerability was discovered in\n config_defaults_inc.php.\n\n - CVE-2006-0665\n Cross-site scripting vulnerabilities were discovered in\n query_store.php and manage_proj_create.php.\n\n - CVE-2006-0841\n Multiple cross-site scripting vulnerabilities were\n discovered in view_all_set.php, manage_user_page.php,\n view_filters_page.php and proj_doc_delete.php.\n\n - CVE-2006-1577\n Multiple cross-site scripting vulnerabilities were\n discovered in view_all_set.php.", "edition": 25, "published": "2006-10-14T00:00:00", "title": "Debian DSA-1133-1 : mantis - missing input sanitising", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-0841", "CVE-2006-0665", "CVE-2006-0664", "CVE-2006-1577"], "modified": "2006-10-14T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:mantis"], "id": "DEBIAN_DSA-1133.NASL", "href": "https://www.tenable.com/plugins/nessus/22675", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1133. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22675);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-0664\", \"CVE-2006-0665\", \"CVE-2006-0841\", \"CVE-2006-1577\");\n script_xref(name:\"DSA\", value:\"1133\");\n\n script_name(english:\"Debian DSA-1133-1 : mantis - missing input sanitising\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Mantis bug\ntracking system, which may lead to the execution of arbitrary web\nscript. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2006-0664\n A cross-site scripting vulnerability was discovered in\n config_defaults_inc.php.\n\n - CVE-2006-0665\n Cross-site scripting vulnerabilities were discovered in\n query_store.php and manage_proj_create.php.\n\n - CVE-2006-0841\n Multiple cross-site scripting vulnerabilities were\n discovered in view_all_set.php, manage_user_page.php,\n view_filters_page.php and proj_doc_delete.php.\n\n - CVE-2006-1577\n Multiple cross-site scripting vulnerabilities were\n discovered in view_all_set.php.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-0664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-0665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-0841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1133\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mantis package.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.19.2-5sarge4.1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mantis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"mantis\", reference:\"0.19.2-5sarge4.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:20", "bulletinFamily": "software", "cvelist": ["CVE-2006-0664"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.mantisbt.org/\nVendor Specific News/Changelog Entry: http://cvs.sourceforge.net/viewcvs.py/mantisbt/mantisbt/config_defaults_inc.php?rev=1.289&view=log\n[Related OSVDB ID: 23082](https://vulners.com/osvdb/OSVDB:23082)\n[Related OSVDB ID: 23081](https://vulners.com/osvdb/OSVDB:23081)\nFrSIRT Advisory: ADV-2006-0485\n[CVE-2006-0664](https://vulners.com/cve/CVE-2006-0664)\nBugtraq ID: 16561\n", "modified": "2006-02-03T06:00:50", "published": "2006-02-03T06:00:50", "href": "https://vulners.com/osvdb/OSVDB:23080", "id": "OSVDB:23080", "title": "Mantis config_defaults_inc.php Unspecified XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:20", "bulletinFamily": "software", "cvelist": ["CVE-2006-0665"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.mantisbt.org/\nVendor Specific News/Changelog Entry: http://cvs.sourceforge.net/viewcvs.py/mantisbt/mantisbt/manage_proj_create.php?rev=1.9&view=log\nVendor Specific News/Changelog Entry: http://cvs.sourceforge.net/viewcvs.py/mantisbt/mantisbt/manage_proj_create.php?r1=1.7.14.1&r2=1.7.14.1.2.1\n[Related OSVDB ID: 23080](https://vulners.com/osvdb/OSVDB:23080)\n[Related OSVDB ID: 23082](https://vulners.com/osvdb/OSVDB:23082)\nFrSIRT Advisory: ADV-2006-0485\n[CVE-2006-0665](https://vulners.com/cve/CVE-2006-0665)\nBugtraq ID: 16561\n", "modified": "2006-02-03T06:00:50", "published": "2006-02-03T06:00:50", "href": "https://vulners.com/osvdb/OSVDB:23081", "id": "OSVDB:23081", "title": "Mantis query_store.php Unspecified Input Validation Issue", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:20", "bulletinFamily": "software", "cvelist": ["CVE-2006-0665"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.mantisbt.org/\nVendor Specific News/Changelog Entry: http://cvs.sourceforge.net/viewcvs.py/mantisbt/mantisbt/query_store.php?rev=1.6&view=log\n[Related OSVDB ID: 23080](https://vulners.com/osvdb/OSVDB:23080)\n[Related OSVDB ID: 23081](https://vulners.com/osvdb/OSVDB:23081)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0216.html\nFrSIRT Advisory: ADV-2006-0485\n[CVE-2006-0665](https://vulners.com/cve/CVE-2006-0665)\nBugtraq ID: 16561\n", "modified": "2006-02-03T06:00:50", "published": "2006-02-03T06:00:50", "href": "https://vulners.com/osvdb/OSVDB:23082", "id": "OSVDB:23082", "title": "Mantis manage_proj_create.php title Variable XSS", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:20", "bulletinFamily": "software", "cvelist": ["CVE-2006-0841"], "edition": 1, "description": "## Vulnerability Description\nMantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'hide_status', 'handler_id', 'user_monitor', 'reporter_id', 'view_type', 'show_severity', 'show_category', 'show_status', 'show_resolution', 'show_build', 'show_profile', 'show_priority', 'highlight_changed', 'relationship_type', and 'relationship_bug' variables upon submission to the 'view_all_set.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.0.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'hide_status', 'handler_id', 'user_monitor', 'reporter_id', 'view_type', 'show_severity', 'show_category', 'show_status', 'show_resolution', 'show_build', 'show_profile', 'show_priority', 'highlight_changed', 'relationship_type', and 'relationship_bug' variables upon submission to the 'view_all_set.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.mantisbt.org/\n[Secunia Advisory ID:18434](https://secuniaresearch.flexerasoftware.com/advisories/18434/)\n[Secunia Advisory ID:21400](https://secuniaresearch.flexerasoftware.com/advisories/21400/)\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1133\nMail List Post: http://morph3us.org/advisories/20060214-mantis-100rc4.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0216.html\nKeyword: BuHa Security-Advisory #7\n[CVE-2006-0841](https://vulners.com/cve/CVE-2006-0841)\n", "modified": "2006-02-14T00:07:12", "published": "2006-02-14T00:07:12", "href": "https://vulners.com/osvdb/OSVDB:23248", "id": "OSVDB:23248", "title": "Mantis view_all_set.php Multiple Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:19", "bulletinFamily": "software", "cvelist": ["CVE-2006-0841"], "edition": 1, "description": "## Vulnerability Description\nMantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the manage_users functionality. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.0.0rc5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the manage_users functionality. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.mantisbt.org/\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963\n[Secunia Advisory ID:18434](https://secuniaresearch.flexerasoftware.com/advisories/18434/)\n[Secunia Advisory ID:21400](https://secuniaresearch.flexerasoftware.com/advisories/21400/)\n[Related OSVDB ID: 22488](https://vulners.com/osvdb/OSVDB:22488)\n[Related OSVDB ID: 22489](https://vulners.com/osvdb/OSVDB:22489)\nOther Advisory URL: http://bugs.mantisbt.org/view.php?id=6509\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1133\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0216.html\n[CVE-2006-0841](https://vulners.com/cve/CVE-2006-0841)\n", "modified": "2006-01-17T07:03:17", "published": "2006-01-17T07:03:17", "href": "https://vulners.com/osvdb/OSVDB:22487", "id": "OSVDB:22487", "type": "osvdb", "title": "Mantis manage_user_page.php sort Variable XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "cvelist": ["CVE-2006-1577"], "edition": 1, "description": "## Vulnerability Description\nMantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'start_day', 'start_year', and 'start_month' variables upon submission to the view_all_set.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nMantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'start_day', 'start_year', and 'start_month' variables upon submission to the view_all_set.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\n/view_all_set.php?type=1&temporary=y&do_filter_by_date=on&start_year=2006&start_month=03&start_day=[XSS]\n\n/view_all_set.php?type=1&temporary=y&do_filter_by_date=on&start_year=[XSS]\n\n/view_all_set.php?type=1&temporary=y&do_filter_by_date=on&start_year=2006&start_month=[XSS]\n## References:\nVendor URL: http://www.mantisbt.org/\n[Secunia Advisory ID:21400](https://secuniaresearch.flexerasoftware.com/advisories/21400/)\n[Secunia Advisory ID:19471](https://secuniaresearch.flexerasoftware.com/advisories/19471/)\nOther Advisory URL: http://pridels.blogspot.com/2006/03/mantis-xss-vuln.html\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1133\nISS X-Force ID: 25579\nFrSIRT Advisory: ADV-2006-1184\n[CVE-2006-1577](https://vulners.com/cve/CVE-2006-1577)\nBugtraq ID: 17326\n", "modified": "2006-03-31T02:17:39", "published": "2006-03-31T02:17:39", "href": "https://vulners.com/osvdb/OSVDB:24292", "id": "OSVDB:24292", "type": "osvdb", "title": "Mantis view_all_set.php Multiple Variable XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T05:24:01", "description": "Mantis 0.x/1.0 manage_user_page.php sort Parameter XSS. CVE-2006-0841 . Webapps exploit for php platform", "published": "2006-02-15T00:00:00", "type": "exploitdb", "title": "Mantis 0.x/1.0 manage_user_page.php sort Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-0841"], "modified": "2006-02-15T00:00:00", "id": "EDB-ID:27229", "href": "https://www.exploit-db.com/exploits/27229/", "sourceData": "source: http://www.securityfocus.com/bid/16657/info\r\n \r\nMantis is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.\r\n \r\nSuccessful exploitation of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.\r\n\r\nhttp://www.example.com/manage_user_page.php?sort=[XSS]", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/27229/"}, {"lastseen": "2016-02-03T05:23:51", "description": "Mantis 0.x/1.0 view_all_set.php Multiple Parameter XSS. CVE-2006-0841. Webapps exploit for php platform", "published": "2006-02-15T00:00:00", "type": "exploitdb", "title": "Mantis 0.x/1.0 view_all_set.php Multiple Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-0841"], "modified": "2006-02-15T00:00:00", "id": "EDB-ID:27228", "href": "https://www.exploit-db.com/exploits/27228/", "sourceData": "source: http://www.securityfocus.com/bid/16657/info\r\n\r\nMantis is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. \r\n\r\nSuccessful exploitation of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.\r\n\r\nhttp://www.example.com/view_all_set.php?type=1&handler_id=1&hide_status=[XSS]\r\nhttp://www.example.com/view_all_set.php?type=1&handler_id=[XSS]\r\nhttp://www.example.com/view_all_set.php?type=1&temporary=y&user_monitor=[XSS]\r\nhttp://www.example.com/view_all_set.php?type=1&temporary=y&reporter_id=[XSS]\r\nhttp://www.example.com/view_all_set.php?type=6&view_type=[XSS]\r\nhttp://www.example.com/view_all_set.php?type=1&show_severity=[XSS]\r\nhttp://www.example.com/view_all_set.php?type=1&show_category=[XSS]\r\nhttp://www.example.com/view_all_set.php?type=1&show_status=[XSS]\r\nhttp://www.example.com/view_all_set.php?type=1&show_resolution=[XSS]\r\nhttp://www.example.com/view_all_set.php?type=1&show_build=[XSS]\r\nhttp://www.example.com/view_all_set.php?type=1&show_profile=[XSS]\r\nhttp://www.example.com/view_all_set.php?type=1&show_priority=[XSS]\r\nhttp://www.example.com/view_all_set.php?type=1&highlight_changed=[XSS]\r\nhttp://www.example.com/view_all_set.php?type=1&relationship_type=[XSS]\r\nhttp://www.example.com/view_all_set.php?type=1&relationship_bug=[XSS]", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/27228/"}]}
