Web application abuses : MantisBT < 1.2.2 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801449

Categoría: Web application abuses

Título: MantisBT < 1.2.2 Multiple Vulnerabilities

Resumen: MantisBT is prone to multiple vulnerabilities.

Descripción: Summary:
MantisBT is prone to multiple vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- the application allows remote authenticated users to inject arbitrary web script or HTML via an
HTML document with a '.gif' filename extension, related to inline attachments (CVE-2010-2802)

- insecure handling of attachments and MIME types (CVE-2009-2802)

Vulnerability Impact:
Successful exploitation will allow attackers to conduct cross-site scripting,
cross-domain scripting or other browser attacks.

Affected Software/OS:
MantisBT version prior to version 1.2.2.

Solution:
Update to version 1.2.2 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2802
[oss-security] 20100803 CVE request: Attachment XSS in mantis < 1.2.2
http://www.openwall.com/lists/oss-security/2010/08/02/16
[oss-security] 20100803 Re: CVE request: Attachment XSS in mantis < 1.2.2
http://www.openwall.com/lists/oss-security/2010/08/03/7
http://www.mantisbt.org/blog/?p=113
http://www.mantisbt.org/bugs/view.php?id=11952
https://bugzilla.redhat.com/show_bug.cgi?id=620992
Common Vulnerability Exposure (CVE) ID: CVE-2009-2802
https://security-tracker.debian.org/tracker/CVE-2009-2802

Copyright Copyright (C) 2010 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801449
Categoría:	Web application abuses
Título:	MantisBT < 1.2.2 Multiple Vulnerabilities
Resumen:	MantisBT is prone to multiple vulnerabilities.
Descripción:	Summary: MantisBT is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - the application allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a '.gif' filename extension, related to inline attachments (CVE-2010-2802) - insecure handling of attachments and MIME types (CVE-2009-2802) Vulnerability Impact: Successful exploitation will allow attackers to conduct cross-site scripting, cross-domain scripting or other browser attacks. Affected Software/OS: MantisBT version prior to version 1.2.2. Solution: Update to version 1.2.2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2802 [oss-security] 20100803 CVE request: Attachment XSS in mantis < 1.2.2 http://www.openwall.com/lists/oss-security/2010/08/02/16 [oss-security] 20100803 Re: CVE request: Attachment XSS in mantis < 1.2.2 http://www.openwall.com/lists/oss-security/2010/08/03/7 http://www.mantisbt.org/blog/?p=113 http://www.mantisbt.org/bugs/view.php?id=11952 https://bugzilla.redhat.com/show_bug.cgi?id=620992 Common Vulnerability Exposure (CVE) ID: CVE-2009-2802 https://security-tracker.debian.org/tracker/CVE-2009-2802
Copyright	Copyright (C) 2010 Greenbone Networks GmbH