CVE-2011-2938

EUVD-2011-2906
Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
mantisbtmantisbt
𝑥
≤ 1.2.6
mantisbtmantisbt
0.19.3
mantisbtmantisbt
0.19.4
mantisbtmantisbt
1.0.0
mantisbtmantisbt
1.0.1
mantisbtmantisbt
1.0.2
mantisbtmantisbt
1.0.3
mantisbtmantisbt
1.0.4
mantisbtmantisbt
1.0.5
mantisbtmantisbt
1.0.6
mantisbtmantisbt
1.0.7
mantisbtmantisbt
1.0.8
mantisbtmantisbt
1.1.0
mantisbtmantisbt
1.1.1
mantisbtmantisbt
1.1.2
mantisbtmantisbt
1.1.4
mantisbtmantisbt
1.1.5
mantisbtmantisbt
1.1.6
mantisbtmantisbt
1.1.7
mantisbtmantisbt
1.1.8
mantisbtmantisbt
1.2.0
mantisbtmantisbt
1.2.1
mantisbtmantisbt
1.2.2
mantisbtmantisbt
1.2.3
mantisbtmantisbt
1.2.4
mantisbtmantisbt
1.2.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mantis
hardy
ignored
lucid
not-affected
maverick
not-affected
natty
not-affected
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html
http://packetstormsecurity.org/files/104149
http://secunia.com/advisories/51199
http://security.gentoo.org/glsa/glsa-201211-01.xml
http://securityreason.com/securityalert/8391
http://www.mantisbt.org/bugs/view.php?id=13245
http://www.openwall.com/lists/oss-security/2011/08/18/7
http://www.openwall.com/lists/oss-security/2011/08/19/16
http://www.securityfocus.com/bid/49235
https://bugs.gentoo.org/show_bug.cgi?id=379739
https://bugs.launchpad.net/ubuntu/+source/mantis/+bug/828857
https://bugzilla.redhat.com/show_bug.cgi?id=731777
https://github.com/mantisbt/mantisbt/commit/317f3db3a3c68775de3acf3b15f55b1e3c18f93b
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html
http://packetstormsecurity.org/files/104149
http://secunia.com/advisories/51199
http://security.gentoo.org/glsa/glsa-201211-01.xml
http://securityreason.com/securityalert/8391
http://www.mantisbt.org/bugs/view.php?id=13245
http://www.openwall.com/lists/oss-security/2011/08/18/7
http://www.openwall.com/lists/oss-security/2011/08/19/16
http://www.securityfocus.com/bid/49235
https://bugs.gentoo.org/show_bug.cgi?id=379739
https://bugs.launchpad.net/ubuntu/+source/mantis/+bug/828857
https://bugzilla.redhat.com/show_bug.cgi?id=731777
https://github.com/mantisbt/mantisbt/commit/317f3db3a3c68775de3acf3b15f55b1e3c18f93b