Back to search
CVE-2013-1810
Published: May 15, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_print_by_category function or (2) project name in the summary_print_by_project function.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20130119 CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability
mailing-list
x_refsource_MLIST
[oss-security] 20130302 Re: CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability
mailing-list
x_refsource_MLIST
51853
third-party-advisory
x_refsource_SECUNIA
http://www.mantisbt.org/bugs/view.php?id=15384
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now