Web application abuses : MantisBT < 1.2.3 Multiple XSS Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801603

Categoría: Web application abuses

Título: MantisBT < 1.2.3 Multiple XSS Vulnerabilities

Resumen: MantisBT is prone to multiple cross-site scripting (XSS) vulnerabilities.

Descripción: Summary:
MantisBT is prone to multiple cross-site scripting (XSS) vulnerabilities.

Vulnerability Insight:
Multiple flaws exist in the application which allow remote authenticated
attackers to inject arbitrary web script or HTML via:

(1) A plugin name, related to 'manage_plugin_uninstall.php'

(2) An 'enumeration' value

(3) A 'String' value of a custom field, related to 'core/cfdefs/cfdef_standard.php'

(4) project

(5) category name to 'print_all_bug_page_word.php' or

(6) 'Summary field', related to 'core/summary_api.php'

Vulnerability Impact:
Successful exploitation will allow attackers to conduct cross-site scripting
attacks.

Affected Software/OS:
MantisBT prior to version 1.2.3.

Solution:
Update to version 1.2.3 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3303
41653
http://secunia.com/advisories/41653
43604
http://www.securityfocus.com/bid/43604
51199
http://secunia.com/advisories/51199
ADV-2010-2535
http://www.vupen.com/english/advisories/2010/2535
FEDORA-2010-15061
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html
FEDORA-2010-15080
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.html
FEDORA-2010-15082
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.html
GLSA-201211-01
http://security.gentoo.org/glsa/glsa-201211-01.xml
[oss-security] 20100914 CVE request: mantis before 1.2.3 (XSS)
http://www.openwall.com/lists/oss-security/2010/09/14/12
[oss-security] 20100914 Re: CVE request: mantis before 1.2.3 (XSS)
http://www.openwall.com/lists/oss-security/2010/09/14/13
http://www.openwall.com/lists/oss-security/2010/09/14/19
[oss-security] 20100916 Re: CVE request: mantis before 1.2.3 (XSS)
http://www.openwall.com/lists/oss-security/2010/09/16/16
http://www.mantisbt.org/bugs/changelog_page.php?version_id=111
http://www.mantisbt.org/bugs/view.php?id=12231
http://www.mantisbt.org/bugs/view.php?id=12232
http://www.mantisbt.org/bugs/view.php?id=12234
http://www.mantisbt.org/bugs/view.php?id=12238
Common Vulnerability Exposure (CVE) ID: CVE-2010-3763
BugTraq ID: 43837
http://www.securityfocus.com/bid/43837
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html
http://secunia.com/advisories/42772
http://www.vupen.com/english/advisories/2011/0002

Copyright Copyright (C) 2010 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801603
Categoría:	Web application abuses
Título:	MantisBT < 1.2.3 Multiple XSS Vulnerabilities
Resumen:	MantisBT is prone to multiple cross-site scripting (XSS) vulnerabilities.
Descripción:	Summary: MantisBT is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: Multiple flaws exist in the application which allow remote authenticated attackers to inject arbitrary web script or HTML via: (1) A plugin name, related to 'manage_plugin_uninstall.php' (2) An 'enumeration' value (3) A 'String' value of a custom field, related to 'core/cfdefs/cfdef_standard.php' (4) project (5) category name to 'print_all_bug_page_word.php' or (6) 'Summary field', related to 'core/summary_api.php' Vulnerability Impact: Successful exploitation will allow attackers to conduct cross-site scripting attacks. Affected Software/OS: MantisBT prior to version 1.2.3. Solution: Update to version 1.2.3 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3303 41653 http://secunia.com/advisories/41653 43604 http://www.securityfocus.com/bid/43604 51199 http://secunia.com/advisories/51199 ADV-2010-2535 http://www.vupen.com/english/advisories/2010/2535 FEDORA-2010-15061 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html FEDORA-2010-15080 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.html FEDORA-2010-15082 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.html GLSA-201211-01 http://security.gentoo.org/glsa/glsa-201211-01.xml [oss-security] 20100914 CVE request: mantis before 1.2.3 (XSS) http://www.openwall.com/lists/oss-security/2010/09/14/12 [oss-security] 20100914 Re: CVE request: mantis before 1.2.3 (XSS) http://www.openwall.com/lists/oss-security/2010/09/14/13 http://www.openwall.com/lists/oss-security/2010/09/14/19 [oss-security] 20100916 Re: CVE request: mantis before 1.2.3 (XSS) http://www.openwall.com/lists/oss-security/2010/09/16/16 http://www.mantisbt.org/bugs/changelog_page.php?version_id=111 http://www.mantisbt.org/bugs/view.php?id=12231 http://www.mantisbt.org/bugs/view.php?id=12232 http://www.mantisbt.org/bugs/view.php?id=12234 http://www.mantisbt.org/bugs/view.php?id=12238 Common Vulnerability Exposure (CVE) ID: CVE-2010-3763 BugTraq ID: 43837 http://www.securityfocus.com/bid/43837 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html http://secunia.com/advisories/42772 http://www.vupen.com/english/advisories/2011/0002
Copyright	Copyright (C) 2010 Greenbone Networks GmbH