CVE-2005-2557

Published: 28/09/2005 Updated: 11/07/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 up to and including 1.0.0a3 allows remote malicious users to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.

Vulnerable Product

mantis mantis 0.19.0

mantis mantis 1.0.0a2

mantis mantis 1.0.0a3

mantis mantis 0.19.0a2

mantis mantis 0.19.1

mantis mantis 0.19.2

mantis mantis 1.0.0a1

mantis mantis 0.19.0_rc1

mantis mantis 0.19.0a1

debian debian linux 3.1

gentoo linux

Exploits

source: www.securityfocus.com/bid/14604/info

Mantis is prone to multiple input validation vulnerabilities. These issues involve cross-site scripting, HTML injection and variable poisoning, and are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage the cross-site scripting issue to have ar ...