Lucene search

[email protected]NVD:CVE-2010-2574

HistoryAug 10, 2010 - 12:23 p.m.

CVE-2010-2574

2010-08-1012:23:06

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

48.7%

JSON

Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.

Affected configurations

Nvd

Node

mantisbtmantisbtMatch1.2.2

VendorProductVersionCPE
mantisbtmantisbt1.2.2cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mantisbt	mantisbt	1.2.2	cpe:2.3:a:mantisbt:mantisbt:1.2.2:::::::*

References

lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html

lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.html

lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.html

secunia.com/advisories/40832

secunia.com/advisories/41653

secunia.com/secunia_research/2010-103/

www.mantisbt.org/bugs/changelog_page.php?version_id=111

www.mantisbt.org/bugs/view.php?id=12230

www.openwall.com/lists/oss-security/2010/09/14/12

www.openwall.com/lists/oss-security/2010/09/14/13

www.securityfocus.com/archive/1/512886/100/0/threaded

www.vupen.com/english/advisories/2010/2535

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

48.7%

JSON

Related for NVD:CVE-2010-2574

cve1 securityvulns2 cvelist1 ubuntucve1 openvas10 prion1 fedora4 nessus3