Zero-Day Advisory
Fortinet Discovers MantisBT Cross-Site Scripting (XSS) Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a cross-site scripting (XSS) vulnerability in MantisBT.
MantisBT is an open source issue tracker that provides a delicate balance between simplicity and power. Users are able to get started in minutes and start managing their projects while collaborating with their teammates and clients effectively.
A cross-site scripting (XSS) vulnerability has been discovered in MantisBT. The vulnerability is caused by incorrect handling of a specially crafted request that contains injected script code, which is then returned to the browser without proper output encoding. It could allow remote attackers to launch an XSS attack against users who view the affected page.
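The following PHP snippet is an added illustration of the pattern behind this class of vulnerability and its fix; it is not MantisBT's code and does not reproduce the affected page. The parameter name "config_option" and the function names are placeholders chosen for the example. The vulnerable function echoes a request parameter straight into HTML, while the hardened function applies context-aware output encoding before the value reaches the page:

```php
<?php
// Added example of reflected XSS and its remediation; not MantisBT code.
// "config_option" is a hypothetical parameter name, not the one in the advisory.

declare(strict_types=1);

// Vulnerable pattern: a request parameter is copied into the HTML body unchanged,
// so a value containing markup is parsed and executed as markup by the browser.
function render_report_vulnerable(array $request): string
{
    $option = $request['config_option'] ?? '';
    return '<td>' . $option . '</td>';
}

// Hardened pattern: encode for the HTML element-body context before output.
// ENT_QUOTES also encodes single quotes (needed if the value is ever placed in an
// attribute); ENT_SUBSTITUTE avoids returning an empty string on invalid UTF-8.
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_report_hardened(array $request): string
{
    $option = $request['config_option'] ?? '';
    return '<td>' . html_encode($option) . '</td>';
}

// Constructed sample input standing in for $_GET / $_POST from a crafted request.
$sample = ['config_option' => '<script>alert(1)</script>'];

echo 'Vulnerable output: ' . render_report_vulnerable($sample) . PHP_EOL;
echo 'Hardened output:   ' . render_report_hardened($sample) . PHP_EOL;
```

Run with `php example.php`. The vulnerable function returns the `<script>` element intact, so a browser rendering that page would execute it; the hardened function returns the angle brackets as `&lt;` and `&gt;` entities, so the same input is displayed as literal text. The encoding function must match the output context: `htmlspecialchars` covers element bodies and quoted attributes, but values inserted into JavaScript, URLs, or CSS need a different encoder for that context.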
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability: Mantis.adm_config_report.XSS
Released Mar 09, 2015
Users should apply the solution provided by MantisBT.
References
Acknowledgement
This vulnerability was discovered by Honggang Ren of Fortinet's FortiGuard Labs.