Launchpad CVE tracker

CVE 2010-3763

Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than CVE-2010-3303.

Related bugs and status

CVE-2010-3763 (Candidate) is related to these bugs:

Bug #690482: MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)

		In	Importance	Status
690482	MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)	mantis (Ubuntu)	Low	Triaged
690482	MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)	mantis (Debian)	Unknown	Fix Released
690482	MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)	Gentoo Linux	High	Fix Released
690482	MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)	mantis (Fedora)	Medium	Fix Released
690482	MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)	mantis (Ubuntu Hardy)	Low	Won't Fix
690482	MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)	mantis (Ubuntu Lucid)	Low	Won't Fix
690482	MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)	mantis (Ubuntu Maverick)	Low	Won't Fix
690482	MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)	mantis (Ubuntu Karmic)	Low	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-3763

References