CVE-2011-3578

EUVD-2011-3541
Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
mantisbtmantisbt
𝑥
≤ 1.2.7
mantisbtmantisbt
0.19.3
mantisbtmantisbt
0.19.4
mantisbtmantisbt
1.0.0
mantisbtmantisbt
1.0.1
mantisbtmantisbt
1.0.2
mantisbtmantisbt
1.0.3
mantisbtmantisbt
1.0.4
mantisbtmantisbt
1.0.5
mantisbtmantisbt
1.0.6
mantisbtmantisbt
1.0.7
mantisbtmantisbt
1.0.8
mantisbtmantisbt
1.1.0
mantisbtmantisbt
1.1.1
mantisbtmantisbt
1.1.2
mantisbtmantisbt
1.1.4
mantisbtmantisbt
1.1.5
mantisbtmantisbt
1.1.6
mantisbtmantisbt
1.1.7
mantisbtmantisbt
1.1.8
mantisbtmantisbt
1.2.0
mantisbtmantisbt
1.2.1
mantisbtmantisbt
1.2.2
mantisbtmantisbt
1.2.3
mantisbtmantisbt
1.2.4
mantisbtmantisbt
1.2.5
mantisbtmantisbt
1.2.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mantis
hardy
ignored
lucid
ignored
maverick
ignored
natty
Fixed 1.1.8+dfsg-10squeeze2build0.11.04.1
released
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297
http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html
http://secunia.com/advisories/45961
http://secunia.com/advisories/51199
http://security.gentoo.org/glsa/glsa-201211-01.xml
http://securityreason.com/securityalert/8392
http://www.debian.org/security/2011/dsa-2308
http://www.mantisbt.org/bugs/view.php?id=13281
http://www.openwall.com/lists/oss-security/2011/09/04/1
http://www.openwall.com/lists/oss-security/2011/09/04/2
http://www.openwall.com/lists/oss-security/2011/09/09/9
http://www.securityfocus.com/archive/1/519547/100/0/threaded
http://www.securityfocus.com/bid/49448
https://bugzilla.redhat.com/show_bug.cgi?id=735514
https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d
https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297
http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html
http://secunia.com/advisories/45961
http://secunia.com/advisories/51199
http://security.gentoo.org/glsa/glsa-201211-01.xml
http://securityreason.com/securityalert/8392
http://www.debian.org/security/2011/dsa-2308
http://www.mantisbt.org/bugs/view.php?id=13281
http://www.openwall.com/lists/oss-security/2011/09/04/1
http://www.openwall.com/lists/oss-security/2011/09/04/2
http://www.openwall.com/lists/oss-security/2011/09/09/9
http://www.securityfocus.com/archive/1/519547/100/0/threaded
http://www.securityfocus.com/bid/49448
https://bugzilla.redhat.com/show_bug.cgi?id=735514
https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d
https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html