MantisBT Cross-site Scripting Vulnerability Network Vulnerability

Summary

This host is running MantisBT and is prone to Cross-site scripting Vulnerability.

Impact

Successful exploitation will allow attackers to conduct cross-site scripting attacks. Impact Level: Application.

Solution

Upgrade to MantisBT version 1.2.2 or later For updates refer to http://www.mantisbt.org/download.php

Insight

The application allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a '.gif' filename extension, related to inline attachments.

Affected

MantisBT version prior to 1.2.2

References

http://www.mantisbt.org/blog/?p=113
http://www.openwall.com/lists/oss-security/2010/08/02/16
http://www.openwall.com/lists/oss-security/2010/08/03/7

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2802

CVSS	Base Score: 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N

Related Vulnerabilities

PunBB detection
HP System Management Homepage Multiple Unspecified Vulnerabilities
Google Chrome Information Disclosure Vulnerability
NetSaro Enterprise Messenger Cross Site Scripting and HTML Injection Vulnerabilities
Packeteer Web Management Interface Login

MantisBT Cross-site scripting Vulnerability

Take action and discover your vulnerabilities