Lucene search

K

PRIOn knowledge basePRION:CVE-2011-3356

HistorySep 21, 2011 - 4:55 p.m.

Cross site scripting

2011-09-2116:55:00

PRIOn knowledge base

www.prio-n.com

1

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.5%

Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php.

CPENameOperatorVersion
mantisbteq0.19.4
mantisbteq1.0.2
mantisbteq1.2.2
mantisbteq1.2.5
mantisbteq0.19.3
mantisbteq1.1.6
mantisbteq1.2.0
mantisbteq1.1.4
mantisbteq1.0.3
mantisbteq1.1.0

Rows per page:

1-10 of 271

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297

lists.debian.org/debian-security-tracker/2011/09/msg00012.html

secunia.com/advisories/51199

security.gentoo.org/glsa/glsa-201211-01.xml

securityreason.com/securityalert/8392

www.mantisbt.org/bugs/view.php?id=13191

www.mantisbt.org/bugs/view.php?id=13281

www.openwall.com/lists/oss-security/2011/09/04/1

www.openwall.com/lists/oss-security/2011/09/09/9

www.securityfocus.com/archive/1/519547/100/0/threaded

www.securityfocus.com/bid/49448

bugzilla.redhat.com/show_bug.cgi?id=735514

exchange.xforce.ibmcloud.com/vulnerabilities/69587

github.com/mantisbt/mantisbt/commit/d00745f5e267eba4ca34286d125de685bc3a8034

lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html

www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.5%

Related for PRION:CVE-2011-3356

ubuntucve1 cve1 openvas8 htbridge1 fedora2 nessus3 gentoo1