Published: 22/02/2006 Updated: 18/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mantis mantis 0.11.1
mantis mantis 0.12
mantis mantis 0.14.1
mantis mantis 0.14.2
mantis mantis 0.15
mantis mantis 0.15.0
mantis mantis 0.15.1
mantis mantis 0.18
mantis mantis 0.18.0
mantis mantis 0.18.2
mantis mantis 0.18.3
mantis mantis 0.10
mantis mantis 0.10.0
mantis mantis 0.12.0
mantis mantis 0.13
mantis mantis 0.14.3
mantis mantis 0.14.4
mantis mantis 0.15.2
mantis mantis 0.16
mantis mantis 0.18.0_rc1
mantis mantis 0.18.0a1
mantis mantis 0.18a1
mantis mantis 0.19.0
mantis mantis 0.19.4
mantis mantis 0.9
mantis mantis 1.0.0a1
mantis mantis 1.0.0a2
mantis mantis 0.11
mantis mantis 0.11.0
mantis mantis 0.14
mantis mantis 0.14.0
mantis mantis 0.14.7
mantis mantis 0.14.8
mantis mantis 0.17.0
mantis mantis 0.17.4a
mantis mantis 0.18.0a4
mantis mantis 0.18.1
mantis mantis 0.19.0a1
mantis mantis 0.19.0a2
mantis mantis 0.19.1
mantis mantis 1.0.0_rc1
mantis mantis 1.0.0_rc2
mantis mantis 0.10.1
mantis mantis 0.10.2
mantis mantis 0.13.0
mantis mantis 0.13.1
mantis mantis 0.14.5
mantis mantis 0.14.6
mantis mantis 0.16.0
mantis mantis 0.17
mantis mantis 0.18.0a2
mantis mantis 0.18.0a3
mantis mantis 0.19.0_rc1
mantis mantis 0.19.0a
mantis mantis 0.9.0
mantis mantis 0.9.1
mantis mantis 1.0.0a3
mantis mantis 0.19.2
mantis mantis 0.19.3
mantis mantis 1.0.0_rc3
mantis mantis 1.0.0_rc4

source: wwwsecurityfocuscom/bid/16657/info Mantis is prone to multiple input-validation vulnerabilities The issues include cross-site scripting and SQL-injection vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input Successful exploitation of these vulnerabilities could allow an ...

source: wwwsecurityfocuscom/bid/16657/info Mantis is prone to multiple input-validation vulnerabilities The issues include cross-site scripting and SQL-injection vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input Successful exploitation of these vulnerabilities could allow a ...

NVD-CWE-Other http://morph3us.org/advisories/20060214-mantis-100rc4.txt http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059 http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963 http://www.osvdb.org/23248 http://www.osvdb.org/22487 http://www.debian.org/security/2006/dsa-1133 http://secunia.com/advisories/21400 http://www.securityfocus.com/bid/16657 http://www.securityfocus.com/archive/1/425046/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/27228/

CVE-2006-0841

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect