Ubuntu.comUB:CVE-2014-9281CVE-2014-9281
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
70.7%
Cross-site scripting (XSS) vulnerability in admin/copy_field.php in
MantisBT before 1.2.18 allows remote attackers to inject arbitrary web
script or HTML via the dest_id field.
References
github.com/mantisbt/mantisbt/commit/e5fc835a
seclists.org/oss-sec/2014/q4/867
seclists.org/oss-sec/2014/q4/913
seclists.org/oss-sec/2014/q4/924
www.mantisbt.org/bugs/view.php?id=17876
xforce.iss.net/xforce/xfdb/99038
github.com/mantisbt/mantisbt/commit/e5fc835a
launchpad.net/bugs/cve/CVE-2014-9281
nvd.nist.gov/vuln/detail/CVE-2014-9281
security-tracker.debian.org/tracker/CVE-2014-9281
www.cve.org/CVERecord?id=CVE-2014-9281
www.mantisbt.org/bugs/view.php?id=17876
Related
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
70.7%