Package: mantis
Severity: important
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for mantis.

Advisory[0]:
| seiji has discovered a vulnerability in Mantis, which can be exploited by
| malicious users to conduct script insertion attacks.
|
| Input passed as the filename for the uploaded file in bug_report.php is not
| properly sanitised before being stored. This can be exploited to insert
| arbitrary HTML and script code, which is executed in a user's browser session
| in context of an affected site when the malicious filename is viewed in
| view.php.
|
| Successful exploitation requires valid user credentials.

The following patch fixes the problem:
http://www.mantisbt.org/bugs/file_download.php?file_id=1591&type=bug

If you fix this vulnerability please also include the CVE id in your changelog entry.

For further information:
[0] http://secunia.com/advisories/28185/

Kind regards
Nico

--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.