2 matches found
CVE-2013-1810
Multiple cross-site scripting XSS vulnerabilities in core/summaryapi.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a 1 category name in the summaryprintbycategory function or 2 project name in the...
CVE-2013-1810
CVE-2013-1810 involves multiple XSS vulnerabilities in MantisBT 1.2.12, exploitable by remote authenticated users with manager or administrator permissions. The flaws are in core/summary_api.php, where an attacker can inject arbitrary web script/HTML via (1) the category name used by summary_prin...