MantisBT Cross Site Scripting And SQL Injection Vulnerabilities Network Vulnerability

Summary

MantisBT is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to steal cookie- based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. MantisBT 1.2.6 is vulnerable other versions may also be affected.

References

http://packetstormsecurity.org/files/view/104149/mantisbt-sqlxss.txt
http://www.mantisbt.org
http://www.securityfocus.com/bid/49235

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2938

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
Apache Tomcat Directory Listing and File disclosure
Apache Struts2 'XWork' Information Disclosure Vulnerability
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
Apache Struts Directory Traversal Vulnerability

MantisBT Cross Site Scripting and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities