EUVD-2011-3322

Malware in sbrugna...

Cross site scripting

Cross-site scripting XSS vulnerability in the projaxarrayserializeforautocomplete function in core/projaxapi.php in MantisBT 1.1.0a3 through 1.2.17 allows remote attackers to inject arbitrary web script or HTML via the "profile/Platform" field...

CVE-2011-3358

Multiple cross-site scripting XSS vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the 1 os, 2 osbuild, or 3 platform parameter to a bugreportpage.php or b bugupdateadvancedpage.php, related to use of the Projax library...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the 1 os, 2 osbuild, or 3 platform parameter to a bugreportpage.php or b bugupdateadvancedpage.php, related to use of the Projax library...

CVE-2011-3358

Multiple cross-site scripting XSS vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the 1 os, 2 osbuild, or 3 platform parameter to a bugreportpage.php or b bugupdateadvancedpage.php, related to use of the Projax library...

CVE-2011-3358

Multiple cross-site scripting XSS vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the 1 os, 2 osbuild, or 3 platform parameter to a bugreportpage.php or b bugupdateadvancedpage.php, related to use of the Projax library...

CVE-2011-3358

CVE-2011-3358 involves multiple cross-site scripting (XSS) weaknesses in MantisBT before 1.2.8, exploitable via the os, os_build, or platform parameters in bug_report_page.php or bug_update_advanced_page.php due to the Projax library. The vulnerability allows remote attackers to inject arbitrary ...