VDB
EN
HIGH

GHSA-h2wf-967x-gxvw

MantisBT: Stored XSS in print_all_bug_page_word.php

상세

A missing output encoding call in print_all_bug_page_word.php allows any authenticated user to inject arbitrary HTML into an IMG tag's *alt* attribute via an image attachment with a crafted filename such as `probe." onload="alert(1)`.

When any user views the HTML export page (print_all_bug_page_word.php?type_page=html&export=1), the rendered IMG tag becomes `<img src="..." alt="" onload="alert(1)" />`, breaking out of the alt attribute.

### Impact Cross-site scripting.

Impact is limited by MantisBT's Content Security Policy.

### Patches - https://github.com/mantisbt/mantisbt/commit/bdd0e364f62759de272dfd4c89b4f51d27be9daa

### Workarounds None

### Resources - https://mantisbt.org/bugs/view.php?id=37234

### Credits MantisBT thanks the [Dracosec Research Limited](https://dracosec.tech/) team (Chris Chan, Krecendo Hui, William Lam) for discovering and responsibly reporting the issue.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Packagist / mantisbt/mantisbt
최초 영향 버전: 0 수정 버전: 2.28.4
수정 composer require mantisbt/mantisbt:^2.28.4

참고