CVE-2010-4348

2011-01-0320:00:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-4348

cross-site scripting

xss

mantisbt

security vulnerability

adodb library

php

nvd

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.8%

JSON

Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

CPENameOperatorVersion
mantisbt:mantisbtmantisbteq1.0.0
mantisbt:mantisbtmantisbteq1.0.0a1
mantisbt:mantisbtmantisbteq0.19.4
mantisbt:mantisbtmantisbteq1.0.0a3
mantisbt:mantisbtmantisbteq1.0.2
mantisbt:mantisbtmantisbteq1.2.2
mantisbt:mantisbtmantisbtle1.2.3
mantisbt:mantisbtmantisbteq0.19.0a1
mantisbt:mantisbtmantisbteq0.19.0
mantisbt:mantisbtmantisbteq0.19.1

CPE	Name	Operator	Version
mantisbt:mantisbt	mantisbt	eq	1.0.0
mantisbt:mantisbt	mantisbt	eq	1.0.0a1
mantisbt:mantisbt	mantisbt	eq	0.19.4
mantisbt:mantisbt	mantisbt	eq	1.0.0a3
mantisbt:mantisbt	mantisbt	eq	1.0.2
mantisbt:mantisbt	mantisbt	eq	1.2.2
mantisbt:mantisbt	mantisbt	le	1.2.3
mantisbt:mantisbt	mantisbt	eq	0.19.0a1
mantisbt:mantisbt	mantisbt	eq	0.19.0
mantisbt:mantisbt	mantisbt	eq	0.19.1