MantisBT Cross-site Scripting Vulnerability Network Vulnerability

Summary

This host is running MantisBT and is prone to Cross-site scripting Vulnerability.

Impact

Successful exploitation will allow attackers to conduct cross-site scripting attacks. Impact Level: Application.

Solution

Upgrade to MantisBT version 1.2.2 or later For updates refer to http://www.mantisbt.org/download.php

Insight

The application allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a '.gif' filename extension, related to inline attachments.

Affected

MantisBT version prior to 1.2.2

References

http://www.mantisbt.org/blog/?p=113
http://www.openwall.com/lists/oss-security/2010/08/02/16
http://www.openwall.com/lists/oss-security/2010/08/03/7

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2802
CVSS Base Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

Related Vulnerabilities

phpShop 'page' Parameter Cross Site Scripting Vulnerability
Serendipity 'serendipity_admin.php' Cross Site Scripting Vulnerability
arachni (NASL wrapper)
Moodle Prior to 1.9.8/1.8.12 Multiple Vulnerabilities
BasiliX Attachment Disclosure Vulnerability

MantisBT Cross-site scripting Vulnerability

Take action and discover your vulnerabilities