Message-ID: <CAA2mj=d+qOe7x7MTM=Bs30gowWRcggx3nU1+73DH7i_-sVK4Kg@mail.gmail.com>
Date: Fri, 5 Dec 2014 09:30:13 +0000
From: Paul Richards <paul@...tisforge.org>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE Request: Multiple XSS vulnerabilities in MantisBT

Hello Mitre,

I believe your current analysis is incorrect, and that Damien's attribution is incorrect.

Issue 17816 regarding copy fields - http://www.mantisbt.org/bugs/view.php?id=17876 is a duplicate of 17362

The report in issue 17362 referred to a security issue in

"5. Reflected XSS in admin panel:
PoC: [MantisBT]/admin/test_langs.php?dest_id=<script>alert(1)</script>"

At that point my response was

"In terms of number 5 - are you sure you meant test_langs.php.
In 1.3-master, there's an issue within copy_field.php of doing something similar of:
admin/copy_field.php?source_id=1&dest_id="></a><script>alert()</script><b style=""
as I was already aware of an issue within copy_field.php I should be able to supply a report confirming this later on.

The security researcher then came back and stated that he had indeed made an error in his report and he did not mean test_langs.php

In this case, the line:

"Credit: Issue was reported by Mathias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [7]. It was fixed by Paul Richards."

is incorrect as the issue was identified by myself initially, then subsequently identified (incorrectly) in the initial bug report.

As I need to be able to do a security bulletin regarding my find for the XSS within copy_field.php, can you please tell me what CVE identifier to use for this and ensure proper attribution?

Thanks in Advance
Paul

On Thu, Dec 4, 2014 at 6:20 PM, <cve-assign@...re.org> wrote:
>
> 1. XSS in extended project browser
>>
>> [1] http://github.com/mantisbt/mantisbt/commit/511564cc
>> [2] http://www.mantisbt.org/bugs/view.php?id=17890
>>
>
> Use CVE-2014-9269.
>
> 2. XSS in projax_api.php
>>
>> [3] http://github.com/mantisbt/mantisbt/commit/0bff06ec
>> [4] http://www.mantisbt.org/bugs/view.php?id=17583
>>
>
> Use CVE-2014-9270.
>
> 3. XSS in admin panel / copy_field.php
>>
>> [5] http://github.com/mantisbt/mantisbt/commit/e5fc835a
>> [6] http://www.mantisbt.org/bugs/view.php?id=17876
>>
>
> Use CVE-2014-9271.
>
> Issues 3 and 5 are MERGED into the same CVE ID because they are the
> same type of issue, affecting the same versions, disclosed at the same
> time, and found by the same person.
>
> 4. XSS in string_insert_hrefs()
>>
>> [8] http://github.com/mantisbt/mantisbt/commit/05378e00
>> [9] http://www.mantisbt.org/bugs/view.php?id=17297
>>
>
> Use CVE-2014-9272.
>
>
> 5. XSS in file uploads
>>
>> [10] http://github.com/mantisbt/mantisbt/commit/9fb8cf36f
>> [11] http://www.mantisbt.org/bugs/view.php?id=17874
>>
>
> Use CVE-2014-9271.
>
> Issues 3 and 5 are MERGED into the same CVE ID because they are the
> same type of issue, affecting the same versions, disclosed at the same
> time, and found by the same person.