Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 up to and including 1.2.x prior to 1.2.18, when Extended project browser is enabled, allows remote malicious users to inject arbitrary web script or HTML via the project cookie.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
mantisbt mantisbt 1.1.0 |
||
mantisbt mantisbt 1.1.4 |
||
mantisbt mantisbt 1.1.5 |
||
mantisbt mantisbt 1.2.0 |
||
mantisbt mantisbt 1.2.4 |
||
mantisbt mantisbt 1.2.5 |
||
mantisbt mantisbt 1.2.12 |
||
mantisbt mantisbt 1.2.13 |
||
mantisbt mantisbt 1.1.1 |
||
mantisbt mantisbt 1.1.8 |
||
mantisbt mantisbt 1.1.9 |
||
mantisbt mantisbt 1.2.0a2 |
||
mantisbt mantisbt 1.2.1 |
||
mantisbt mantisbt 1.2.8 |
||
mantisbt mantisbt 1.2.9 |
||
mantisbt mantisbt 1.2.17 |
||
mantisbt mantisbt 1.1.6 |
||
mantisbt mantisbt 1.1.7 |
||
mantisbt mantisbt 1.2.0a1 |
||
mantisbt mantisbt 1.2.6 |
||
mantisbt mantisbt 1.2.7 |
||
mantisbt mantisbt 1.2.14 |
||
mantisbt mantisbt 1.2.15 |
||
mantisbt mantisbt 1.2.16 |
||
mantisbt mantisbt 1.1.2 |
||
mantisbt mantisbt 1.1.3 |
||
mantisbt mantisbt 1.2.2 |
||
mantisbt mantisbt 1.2.3 |
||
mantisbt mantisbt 1.2.10 |
||
mantisbt mantisbt 1.2.11 |
||
debian debian linux 7.0 |
Vulmon