oss-sec mailing list archives
CVE request: mantis before 1.2.3 (XSS)
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 14 Sep 2010 23:06:07 +0200
From release notes "Issue #12312 covers an XSS vulnerability in the upstream NuSOAP library. The fix has been applied to the library included in MantisBT releases, and a patch has been submitted upstream for future releases of NuSOAP. See http://www.mantisbt.org/bugs/view.php?id=12312 for further details. Also included with 1.2.3 are another round of XSS fixes to MantisBT, improved excel export, translation updates, and bug fixes to the SOAP API, installation, plugin system, and email notifications." So although it's both xss, one is in mantis itself and one in the shipped/bundled nusoap, so we should have 2 CVEs. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de http://schokokeks.org - professional webhosting
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE request: mantis before 1.2.3 (XSS) Hanno Böck (Sep 14)
- Re: CVE request: mantis before 1.2.3 (XSS) Hanno Böck (Sep 14)
- Re: CVE request: mantis before 1.2.3 (XSS) Kurt Seifried (Sep 14)
- Re: CVE request: mantis before 1.2.3 (XSS) Josh Bressers (Sep 16)
- Re: CVE request: mantis before 1.2.3 (XSS) Kurt Seifried (Sep 14)
- Re: CVE request: mantis before 1.2.3 (XSS) Kurt Seifried (Sep 14)
- Re: CVE request: mantis before 1.2.3 (XSS) Hanno Böck (Sep 14)