mantis -- "view_filters_page.php" cross-site scripting vulnerability

2005-12-13T00:00:00
ID 6E3B12E2-6CE3-11DA-B90C-000E0C2E438A
Type freebsd
Reporter FreeBSD
Modified 2005-12-13T00:00:00

Description

r0t reports:

Mantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to "target_field" parameter in "view_filters_page.php" isn't properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.