Summary
This host is running MantisBT and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct cross-site scripting attacks.
Impact Level: Application.
Solution
Upgrade to MantisBT version 1.2.3 or later.
For updates refer to http://www.mantisbt.org/download.php
Insight
Multiple flaws exist in the application which allow remote authenticated attackers to inject arbitrary web script or HTML via:
- (1) a plugin name, related to 'manage_plugin_uninstall.php'
- (2) an 'enumeration' value
- (3) a 'String' value of a custom field, related to 'core/cfdefs/cfdef_standard.php'
- (4) a project name or (5) a category name passed to 'print_all_bug_page_word.php'
- (6) the 'Summary field', related to 'core/summary_api.php'
Affected
MantisBT version prior to 1.2.3
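The scanner check this entry describes reduces to a version comparison against the fixed release. The following Python is an added example, not the scanner's own plugin code: it extracts a MantisBT version string from a page fragment (the footer format and the sample HTML are constructed assumptions) and reports whether it falls in the affected range, treating pre-release suffixes such as 'rc1' as older than the final release of the same number.

```python
import re
from typing import Optional, Tuple

# Every MantisBT release before this one is affected, per the advisory.
FIXED_VERSION = "1.2.3"

# Constructed sample of a MantisBT page footer (not a real capture); the
# "MantisBT <version>" banner format is an assumption for this example.
SAMPLE_FOOTER = '<span class="copyright">MantisBT 1.2.2 (c) 2000 - 2010</span>'

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)([A-Za-z]+)?(\d+)?")


def parse_version(version: str) -> Tuple[Tuple[int, ...], Tuple]:
    """Turn '1.2.0rc2' into a tuple that orders correctly.

    Numeric parts compare as integers; trailing zeros are dropped so
    1.2 == 1.2.0. A pre-release tag yields (0, tag, n), which sorts before
    the (1,) marker used for a final release, so 1.2.3rc1 < 1.2.3.
    """
    m = _VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    while len(nums) > 1 and nums[-1] == 0:
        nums = nums[:-1]
    pre = (0, m.group(2).lower(), int(m.group(3) or 0)) if m.group(2) else (1,)
    return nums, pre


def is_vulnerable(version: str) -> bool:
    """True when the detected version is older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def extract_version(html: str) -> Optional[str]:
    """Pull the version out of a 'MantisBT x.y.z' banner, if present."""
    m = re.search(r"Mantis(?:BT)?\s+v?(\d+(?:\.\d+)+(?:[A-Za-z]+\d*)?)", html)
    return m.group(1) if m else None


def check_host(html: str) -> Optional[bool]:
    """None if no version banner was found, else the vulnerability verdict."""
    version = extract_version(html)
    return None if version is None else is_vulnerable(version)
```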
References
- http://www.mantisbt.org/bugs/changelog_page.php?version_id=111
- http://www.mantisbt.org/bugs/view.php?id=12231
- http://www.mantisbt.org/bugs/view.php?id=12232
- http://www.mantisbt.org/bugs/view.php?id=12234
- http://www.mantisbt.org/bugs/view.php?id=12238
- http://www.mantisbt.org/bugs/view.php?id=12309
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2010-3303, CVE-2010-3763
- CVSS Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)