FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mantis -- "view_filters_page.php" cross site scripting vulnerability

Affected packages
mantis < 1.0.0a4


VuXML ID 592815da-9eed-11da-b410-000e0c2e438a
Discovery 2005-12-13
Entry 2006-02-16

r0t reports:

Mantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to "target_field" parameter in "view_filters_page.php" is not properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.


CVE Name CAN-2005-4238