Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2014-9571

Published: 26/01/2015 Updated: 08/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Mantisbt

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT prior to 1.2.19 and 1.3.x prior to 1.3.0-beta.2 allows remote malicious users to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mantisbt mantisbt 1.3.0

mantisbt mantisbt

Exploits

Exploit DB: MantisBT 1.2.17 XSS / Improper Access Control / SQL Injection
MantisBT version 1217 suffers from improper access control, cross site scripting, and remote SQL injection vulnerabilities ...

References

CWE-79http://seclists.org/oss-sec/2015/q1/156https://www.htbridge.com/advisory/HTB23243https://www.mantisbt.org/bugs/view.php?id=17938https://www.mantisbt.org/bugs/view.php?id=17937https://github.com/mantisbt/mantisbt/commit/6d47c047https://github.com/mantisbt/mantisbt/commit/132cd6d0http://www.securitytracker.com/id/1031633https://exchange.xforce.ibmcloud.com/vulnerabilities/100209https://nvd.nist.govhttps://packetstormsecurity.com/files/130173/MantisBT-1.2.17-XSS-Improper-Access-Control-SQL-Injection.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook