FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-2938

This CVE name corresponds to:

Entered     Topic
2011-09-05  XSS issue in MantisBT

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2011-2938
Phase  Assigned(20110727)

Description

Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php.

References

Source   Reference
MLIST    [oss-security] 20110819 CVE request: MantisBT <1.2.7 search.php multiple XSS vulnerabilities
MLIST    [oss-security] 20110819 Re: CVE request: MantisBT <1.2.7 search.php multiple XSS vulnerabilities
MISC     http://packetstormsecurity.org/files/104149
CONFIRM  http://www.mantisbt.org/bugs/view.php?id=13245
CONFIRM  https://bugs.gentoo.org/show_bug.cgi?id=379739
CONFIRM  https://bugs.launchpad.net/ubuntu/+source/mantis/+bug/828857
CONFIRM  https://bugzilla.redhat.com/show_bug.cgi?id=731777
CONFIRM  https://github.com/mantisbt/mantisbt/commit/317f3db3a3c68775de3acf3b15f55b1e3c18f93b
FEDORA   FEDORA-2011-12369
GENTOO   GLSA-201211-01
BID      49235
SECUNIA  51199
SREASON  8391