Roland Becker

**Nome do software vulnerável e versões afetadas** Versões do MantisBT anteriores à 2.21.3 **Descrição** A vulnerabilidade afeta o recurso de Documentação do Projeto, especificamente o arquivo proj doc edit page.php, permitindo um ataque de cross-site scripting (XSS) armazenado. Isso ocorre quando um anexo com um nome de arquivo especialmente criado é enviado. O código arbitrário é executado quando a página do documento é editada, desde que as configurações da Política de Segurança de Conteúdo (CSP) permitam isso. **Recomendações** Para versões anteriores à 2.21.3, atualize para a versão 2.21.3 ou posterior para resolver o problema. Como solução temporária, considere restringir o envio de anexos apenas a usuários confiáveis e evite editar documentos que possam conter nomes de arquivos maliciosos até que a atualização seja aplicada.

**Name of the Vulnerable Software and Affected Versions** MantisBT version 1.2.13 **Description** A cross-site scripting (XSS) issue exists in the configuration report page, specifically in the adm config report.php file, allowing remote authenticated users to inject arbitrary web script or HTML via a project name. **Recommendations** For MantisBT version 1.2.13, consider restricting access to the configuration report page until a fix is available. As a temporary workaround, avoid using the project name field in the adm config report.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions 2.1.0 through 2.17.1 **Description** A cross-site scripting issue in the Manage Filters page allows remote attackers to inject arbitrary code through a crafted project name, provided access rights and CSP settings permit it. **Recommendations** For versions 2.1.0 through 2.17.1, update to a version that contains a fix for this issue to prevent arbitrary code injection. As a temporary workaround, consider restricting access to the Manage Filters page (manage filter page.php) to minimize the risk of exploitation. Avoid using crafted project names in the affected page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions 2.1.0 through 2.17.1 **Description** A cross-site scripting issue in the Edit Filter page allows remote attackers to inject arbitrary code through a crafted project name, provided access rights and CSP settings permit it. **Recommendations** For versions 2.1.0 through 2.17.1, update to a version that contains a fix for this issue to prevent arbitrary code injection. As a temporary workaround, consider restricting access to the manage filter edit page.php to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MantisBT version 1.2.12 **Description** The issue allows remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML. This can be achieved via a category name in the `summary print by category` function or a project name in the `summary print by project` function. **Recommendations** For MantisBT version 1.2.12, consider restricting access to the `summary print by category` and `summary print by project` functions until a patch is available. As a temporary workaround, limit the ability of users with manager or administrator permissions to inject arbitrary web script or HTML via category names or project names. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.11 **Description** The issue allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments due to a lack of permission check for delete attachments threshold when form security validation is set to OFF. **Recommendations** For versions prior to 1.2.11, update to version 1.2.11 or later to resolve the issue. As a temporary workaround, consider setting form security validation to ON to minimize the risk of exploitation. Restrict access to attachment deletion functionality to minimize the risk of unauthorized attachment deletion.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.11 **Description** The issue concerns a problem with privilege checking in the `mc issue note update` function within the SOAP API. This allows remote attackers who have bug reporting privileges to edit arbitrary bugnotes by sending a SOAP request. **Recommendations** For versions prior to 1.2.11, update to version 1.2.11 or later to resolve the issue.