18 matches found
EUVD-2013-1926
Malware in sbrugna...
EUVD-2013-1927
Malware in sbrugna...
EUVD-2014-8813
Malware in sbrugna...
EUVD-2014-8814
Malware in sbrugna...
GHSA-V7QF-22RW-CHPH MantisBT XSS via adm_config_report.php's action parameter
A cross-site scripting XSS vulnerability in the MantisBT Configuration Report page admconfigreport.php allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2...
MantisBT 1.2.13 XSS Vulnerability - Windows
MantisBT is prone to a cross-site scripting vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...
CVE-2013-1934
A cross-site scripting XSS vulnerability in the configuration report page admconfigreport.php in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value...
Cross site scripting
A cross-site scripting XSS vulnerability in the configuration report page admconfigreport.php in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name...
CVE-2013-1932
A cross-site scripting XSS vulnerability in the configuration report page admconfigreport.php in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name...
Cross site scripting
A cross-site scripting XSS vulnerability in the configuration report page admconfigreport.php in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value...
CVE-2013-1934
The CVE-2013-1934 issue affects MantisBT 1.2.0rc1 and earlier, where the configuration report page adm_config_report.php allows remote authenticated users to inject arbitrary script/HTML via a complex value, enabling cross-site scripting. Root cause: insufficient input sanitization on the adm_con...
CVE-2017-6973
A cross-site scripting XSS vulnerability in the MantisBT Configuration Report page admconfigreport.php allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2...
CVE-2017-6973
A cross-site scripting XSS vulnerability in the MantisBT Configuration Report page admconfigreport.php allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2...
MantisBT Configuration Report Page Cross-Site Scripting Vulnerability
MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in the 'set configuration' text box in the Configuration Report page in...
CVE-2014-8987
Cross-site scripting XSS vulnerability in the "set configuration" box in the Configuration Report page admconfigreport.php in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the configoption parameter, a different vulnerability than...
CVE-2014-8987
Summary (from connected sources): MantisBT versions 1.2.13–1.2.17 contain a cross-site scripting (XSS) vulnerability in the Configuration Report page (adm_config_report.php), exploitable via the config_option parameter, allowing remote administrators to inject arbitrary web script or HTML. The is...
CVE-2014-8986
Cross-site scripting XSS vulnerability in the selection list in the filters in the Configuration Report page admconfigreport.php in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted config option, a different vulnerability than...
CVE-2014-8986
CVE-2014-8986 is a documented XSS vulnerability in MantisBT 1.2.13–1.2.17. The flaw resides in the Configuration Report page (adm_config_report.php) where the selection/filters of the Configuration Report can be exploited via the config_option parameter to inject arbitrary script/HTML. The connec...