Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mantis mantis 1.0.0a1 |
||
mantis mantis 1.0.0a2 |
||
mantis mantis 1.0.0_rc1 |
||
mantis mantis 1.0.0_rc2 |
||
mantis mantis 1.0.0_rc3 |
||
mantis mantis 1.0.0_rc4 |
||
mantis mantis 1.0 |
||
mantis mantis 1.0.0a3 |
||
mantis mantis 1.0.1 |