CVE-2006-0841

2006-02-2200:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and
earlier allow remote attackers to inject arbitrary web script or HTML via
the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5)
view_type, (6) show_severity, (7) show_category, (8) show_status, (9)
show_resolution, (10) show_build, (11) show_profile, (12) show_priority,
(13) highlight_changed, (14) relationship_type, and (15) relationship_bug
parameters in (a) view_all_set.php; the (16) sort parameter in (b)
manage_user_page.php; the (17) view_type parameter in ©
view_filters_page.php; and the (18) title parameter in (d)
proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.

OSVersionArchitecturePackageVersionFilename
ubuntu6.10noarchmantis< 0.19.4-3.2UNKNOWN
ubuntu7.04noarchmantis< 0.19.4-3.2UNKNOWN
ubuntu7.10noarchmantis< 0.19.4-3.2UNKNOWN
ubuntu8.04noarchmantis< 0.19.4-3.2UNKNOWN
ubuntu8.10noarchmantis< 0.19.4-3.2UNKNOWN
ubuntu9.04noarchmantis< 0.19.4-3.2UNKNOWN
ubuntu9.10noarchmantis< 0.19.4-3.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.10	noarch	mantis	< 0.19.4-3.2	UNKNOWN
ubuntu	7.04	noarch	mantis	< 0.19.4-3.2	UNKNOWN
ubuntu	7.10	noarch	mantis	< 0.19.4-3.2	UNKNOWN
ubuntu	8.04	noarch	mantis	< 0.19.4-3.2	UNKNOWN
ubuntu	8.10	noarch	mantis	< 0.19.4-3.2	UNKNOWN
ubuntu	9.04	noarch	mantis	< 0.19.4-3.2	UNKNOWN
ubuntu	9.10	noarch	mantis	< 0.19.4-3.2	UNKNOWN