CVE-2005-4522
Description
Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*
- (no CPE)range: <=1.0.0rc3
Patches
Vulnerability mechanics
Root cause
"Missing input sanitization of the view_type and target_field GET parameters in view_filters_page.php allows reflected cross-site scripting."
Attack vector
An anonymous remote attacker can craft a malicious link containing XSS payloads in the `view_type` or `target_field` GET parameters of `view_filters_page.php` [ref_id=1]. When a victim clicks the link, the unsanitized input is rendered in the browser, allowing arbitrary HTML or JavaScript execution in the victim's session context [ref_id=1]. The advisory classifies both as non-persistent (reflected) XSS and notes they are exploitable regardless of whether `magic_quotes_gpc` is enabled [ref_id=1].
Affected code
The vulnerability resides in `view_filters_page.php`, specifically in the handling of the `view_type` and `target_field` GET parameters [ref_id=1]. The advisory identifies these two parameters as lacking proper sanitization before being reflected in the page output [ref_id=1].
What the fix does
The advisory does not include a patch diff, but directs users to upgrade to Mantis 0.19.4 / 1.0.0rc4 or newer [ref_id=1]. The fix presumably adds proper input sanitization or output encoding for the `view_type` and `target_field` parameters in `view_filters_page.php` to prevent reflected XSS [ref_id=1].
Preconditions
- authNo authentication required; exploitable by any anonymous user
- inputAttacker must trick a victim into clicking a crafted URL
- configExploitable regardless of magic_quotes_gpc setting
Reproduction
1. Host a Mantis instance version 0.19.3 or earlier (or 1.0.0rc3 and earlier). 2. As an unauthenticated attacker, craft a URL: `[path_to_mantis]/view_filters_page.php?target_field=reporter_id[]&view_type=">` 3. Send the crafted URL to a victim. 4. When the victim visits the URL, the injected `">` sequence is rendered in the page, demonstrating reflected XSS [ref_id=1].
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
11- secunia.com/advisories/18181/nvdPatchVendor Advisory
- secunia.com/advisories/18221nvdPatchVendor Advisory
- www.gentoo.org/security/en/glsa/glsa-200512-12.xmlnvdPatch
- www.securityfocus.com/bid/16046/nvdPatch
- www.trapkit.de/advisories/TKADV2005-11-002.txtnvdExploitPatch
- secunia.com/advisories/18481nvd
- sourceforge.net/project/shownotes.phpnvd
- sourceforge.net/project/shownotes.phpnvd
- www.debian.org/security/2005/dsa-944nvd
- www.osvdb.org/22053nvd
- www.vupen.com/english/advisories/2005/3064nvd
News mentions
0No linked articles in our index yet.