Launchpad CVE tracker

CVE 2011-2938

Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php.

Related bugs and status

CVE-2011-2938 (Candidate) is related to these bugs:

Bug #828857: MantisBT <1.2.7 search.php multiple XSS vulnerabilities

		In	Importance	Status
828857	MantisBT <1.2.7 search.php multiple XSS vulnerabilities	mantis (Ubuntu)	Undecided	Fix Released
828857	MantisBT <1.2.7 search.php multiple XSS vulnerabilities	Gentoo Linux	Low	Fix Released
828857	MantisBT <1.2.7 search.php multiple XSS vulnerabilities	mantis (Debian)	Unknown	Fix Released
828857	MantisBT <1.2.7 search.php multiple XSS vulnerabilities	mantis (Fedora)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2011081...
MLIST: [oss-security] 2011081...
MISC: http://packetstormsecu...
CONFIRM: http://www.mantisbt.or...
CONFIRM: https://bugs.gentoo.or...
CONFIRM: https://bugs.launchpad...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://github.com/man...
FEDORA: FEDORA-2011-12369
BID: 49235
SREASON: 8391
GENTOO: GLSA-201211-01
SECUNIA: 51199

Launchpad.net

CVE 2011-2938

Related bugs and status

Related bugs

References