QwikSec

Security Database

CVE

CWE

Training

CVE-2011-3356

Published: Sep 21, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SREASON

[oss-security] 20110904 CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_GENTOO

https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html

x_refsource_MISC

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=735514

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://www.mantisbt.org/bugs/view.php?id=13281

x_refsource_CONFIRM

http://www.mantisbt.org/bugs/view.php?id=13191

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

mantisbt-unspecified-xss(69587)

vdb-entry

x_refsource_XF

[oss-security] 20110909 Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)

mailing-list

x_refsource_MLIST

[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8

mailing-list

x_refsource_MLIST

FEDORA-2011-12369

vendor-advisory

x_refsource_FEDORA

https://github.com/mantisbt/mantisbt/commit/d00745f5e267eba4ca34286d125de685bc3a8034

x_refsource_CONFIRM

20110905 Multiple vulnerabilities in MantisBT

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.