Lucene search

[email protected]NVD:CVE-2010-4348

HistoryJan 03, 2011 - 8:00 p.m.

CVE-2010-4348

2011-01-0320:00:42

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%

JSON

Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

Affected configurations

NVD

Node

mantisbtmantisbtRange≤1.2.3

mantisbtmantisbtMatch0.18.0

mantisbtmantisbtMatch0.19.0

mantisbtmantisbtMatch0.19.0rc1

mantisbtmantisbtMatch0.19.0a1

mantisbtmantisbtMatch0.19.0a2

mantisbtmantisbtMatch0.19.1

mantisbtmantisbtMatch0.19.2

mantisbtmantisbtMatch0.19.3

mantisbtmantisbtMatch0.19.4

mantisbtmantisbtMatch0.19.5

mantisbtmantisbtMatch1.0.0

mantisbtmantisbtMatch1.0.0rc1

mantisbtmantisbtMatch1.0.0rc2

mantisbtmantisbtMatch1.0.0rc3

mantisbtmantisbtMatch1.0.0rc4

mantisbtmantisbtMatch1.0.0rc5

mantisbtmantisbtMatch1.0.0a1

mantisbtmantisbtMatch1.0.0a2

mantisbtmantisbtMatch1.0.0a3

mantisbtmantisbtMatch1.0.1

mantisbtmantisbtMatch1.0.2

mantisbtmantisbtMatch1.0.3

mantisbtmantisbtMatch1.0.4

mantisbtmantisbtMatch1.0.5

mantisbtmantisbtMatch1.0.6

mantisbtmantisbtMatch1.0.7

mantisbtmantisbtMatch1.0.8

mantisbtmantisbtMatch1.1.0

mantisbtmantisbtMatch1.1.1

mantisbtmantisbtMatch1.1.2

mantisbtmantisbtMatch1.1.4

mantisbtmantisbtMatch1.1.5

mantisbtmantisbtMatch1.1.6

mantisbtmantisbtMatch1.1.7

mantisbtmantisbtMatch1.1.8

mantisbtmantisbtMatch1.2.0

mantisbtmantisbtMatch1.2.1

mantisbtmantisbtMatch1.2.2

References

lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html

lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html

openwall.com/lists/oss-security/2010/12/15/4

openwall.com/lists/oss-security/2010/12/16/1

secunia.com/advisories/42772

secunia.com/advisories/51199

security.gentoo.org/glsa/glsa-201211-01.xml

www.mantisbt.org/blog/?p=123

www.mantisbt.org/bugs/changelog_page.php?version_id=112

www.mantisbt.org/bugs/view.php?id=12607

www.vupen.com/english/advisories/2011/0002

www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php

bugzilla.redhat.com/show_bug.cgi?id=663230

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%

JSON

Related for NVD:CVE-2010-4348

prion1 cve1 ubuntucve1 cvelist1 openvas9 fedora2 nessus3 gentoo1