Lucene search

PRIOn knowledge basePRION:CVE-2014-9571

HistoryJan 26, 2015 - 3:59 p.m.

Cross site scripting

2015-01-2615:59:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.4%

JSON

Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter.

CPENameOperatorVersion
mantisbteq1.3.0 beta1
mantisbtle1.2.18

CPE	Name	Operator	Version
	mantisbt	eq	1.3.0 beta1
	mantisbt	le	1.2.18

References

seclists.org/oss-sec/2015/q1/156

www.securitytracker.com/id/1031633

exchange.xforce.ibmcloud.com/vulnerabilities/100209

github.com/mantisbt/mantisbt/commit/132cd6d0

github.com/mantisbt/mantisbt/commit/6d47c047

www.htbridge.com/advisory/HTB23243

www.mantisbt.org/bugs/view.php?id=17937

www.mantisbt.org/bugs/view.php?id=17938

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.4%

JSON

Related for PRION:CVE-2014-9571