oss-sec mailing list archives
Re: CVE Request: Multiple XSS vulnerabilities in MantisBT
From: cve-assign () mitre org
Date: Thu, 4 Dec 2014 13:20:15 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
1. XSS in extended project browser [1] http://github.com/mantisbt/mantisbt/commit/511564cc [2] http://www.mantisbt.org/bugs/view.php?id=17890
Use CVE-2014-9269.
2. XSS in projax_api.php [3] http://github.com/mantisbt/mantisbt/commit/0bff06ec [4] http://www.mantisbt.org/bugs/view.php?id=17583
Use CVE-2014-9270.
3. XSS in admin panel / copy_field.php [5] http://github.com/mantisbt/mantisbt/commit/e5fc835a [6] http://www.mantisbt.org/bugs/view.php?id=17876
Use CVE-2014-9271. Issues 3 and 5 are MERGED into the same CVE ID because they are the same type of issue, affecting the same versions, disclosed at the same time, and found by the same person.
4. XSS in string_insert_hrefs() [8] http://github.com/mantisbt/mantisbt/commit/05378e00 [9] http://www.mantisbt.org/bugs/view.php?id=17297
Use CVE-2014-9272.
5. XSS in file uploads [10] http://github.com/mantisbt/mantisbt/commit/9fb8cf36f [11] http://www.mantisbt.org/bugs/view.php?id=17874
Use CVE-2014-9271. Issues 3 and 5 are MERGED into the same CVE ID because they are the same type of issue, affecting the same versions, disclosed at the same time, and found by the same person. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEVAwUBVICkqKllVAevmvmsAQKuBQgAxVb3LZJ82oRHEpIKAGioXOw6bm1umxAh CRzFnVZUrUpZFB3vIAjAcatJXXLjZmk0NSHqWeguZ08q95lS9ockXcyYaoS5UKWG dyqPpZVCbhsmbSc8jf88IdT3EUAScdpof8dpCnYLSzRKdmq15GIYmYlnapms3+sK 6EhVvxwrv85Giu2b2KLAB/6cjV75ATDtBu6IFC7GJed+2kc7ef8eTmJoiGQ+mdtB 73ZGoykBlyBN5a6PVcfqPMtn58x6I8jUn4Oug382aKttVB5udp9ciRQSD0Yqdhv6 F9bUrVPMStuTdnk64F/JDYI9x001jjCah2DiW2IMBOodjvtUr+qgPw== =wjH5 -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Multiple XSS vulnerabilities in MantisBT Damien Regad (Nov 30)
- Re: CVE Request: Multiple XSS vulnerabilities in MantisBT cve-assign (Dec 04)
- Re: CVE Request: Multiple XSS vulnerabilities in MantisBT Damien Regad (Dec 05)
- Re: CVE Request: Multiple XSS vulnerabilities in MantisBT Paul Richards (Dec 05)
- Re: CVE Request: Multiple XSS vulnerabilities in MantisBT Damien Regad (Dec 05)
- Re: CVE Request: Multiple XSS vulnerabilities in MantisBT cve-assign (Dec 05)
- Re: CVE Request: Multiple XSS vulnerabilities in MantisBT Damien Regad (Dec 05)
- Re: CVE Request: Multiple XSS vulnerabilities in MantisBT cve-assign (Dec 04)