Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-3356

Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php.

See the

CVE page on Mitre.org for more details.

References

MLIST: [debian-security-track...
MLIST: [oss-security] 2011090...
MLIST: [oss-security] 2011090...
MISC: https://www.htbridge.c...
CONFIRM: http://bugs.debian.org...
CONFIRM: http://www.mantisbt.or...
CONFIRM: http://www.mantisbt.or...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://github.com/man...
FEDORA: FEDORA-2011-12369
BID: 49448
SREASON: 8392
GENTOO: GLSA-201211-01
SECUNIA: 51199
XF: mantisbt-unspecified-x...
BUGTRAQ: 20110905 Multiple vuln...

Launchpad.net

CVE 2011-3356

Related bugs

References