National Cyber Awareness System

Vulnerability Summary for CVE-2010-3303

Overview

Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: VUPEN

Name: ADV-2010-2535

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/2535

External Source: BID

Name: 43604

Hyperlink:http://www.securityfocus.com/bid/43604

External Source: MLIST

Name: [oss-security] 20100916 Re: CVE request: mantis before 1.2.3 (XSS)

Hyperlink:http://www.openwall.com/lists/oss-security/2010/09/16/16

External Source: MLIST

Name: [oss-security] 20100914 Re: CVE request: mantis before 1.2.3 (XSS)

Hyperlink:http://www.openwall.com/lists/oss-security/2010/09/14/19

External Source: MLIST

Name: [oss-security] 20100914 Re: CVE request: mantis before 1.2.3 (XSS)

Hyperlink:http://www.openwall.com/lists/oss-security/2010/09/14/13

External Source: MLIST

Name: [oss-security] 20100914 CVE request: mantis before 1.2.3 (XSS)

Hyperlink:http://www.openwall.com/lists/oss-security/2010/09/14/12

External Source: CONFIRM

Name: http://www.mantisbt.org/bugs/view.php?id=12238

Hyperlink:http://www.mantisbt.org/bugs/view.php?id=12238

External Source: CONFIRM

Name: http://www.mantisbt.org/bugs/view.php?id=12234

Hyperlink:http://www.mantisbt.org/bugs/view.php?id=12234

External Source: CONFIRM

Name: http://www.mantisbt.org/bugs/view.php?id=12232

Hyperlink:http://www.mantisbt.org/bugs/view.php?id=12232

External Source: CONFIRM

Name: http://www.mantisbt.org/bugs/view.php?id=12231

Hyperlink:http://www.mantisbt.org/bugs/view.php?id=12231

External Source: CONFIRM

Name: http://www.mantisbt.org/bugs/changelog_page.php?version_id=111

Hyperlink:http://www.mantisbt.org/bugs/changelog_page.php?version_id=111

External Source: SECUNIA

Name: 41653

Type: Advisory

Hyperlink:http://secunia.com/advisories/41653

External Source: FEDORA

Name: FEDORA-2010-15082

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.html

External Source: FEDORA

Name: FEDORA-2010-15080

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.html

External Source: FEDORA

Name: FEDORA-2010-15061

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html