4 matches found
CVE-2013-1934
The CVE-2013-1934 issue affects MantisBT 1.2.0rc1 and earlier, where the configuration report page adm_config_report.php allows remote authenticated users to inject arbitrary script/HTML via a complex value, enabling cross-site scripting. Root cause: insufficient input sanitization on the adm_con...
Debian DSA-3120-1 : mantis - security update
Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text a...
Debian Security Advisory DSA 3120-1 (mantis - security update)
Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code. OpenVAS Vulnerability Test $Id: deb3120.nasl 6609 2017-07-07 12:05:59Z...
MantisBT 1.2.x < 1.2.14 adm_config_report.php Multiple Parameter XSS
According to its version number, the MantisBT install hosted on the remote web server is affected by multiple cross-site scripting vulnerabilities : - A flaw exists in on the Configuration Report page in the 'admconfigreport.php' script. CVE-2013-1932 - A flaw exists because the application fails...