oss-sec mailing list archives
Re: CVE request: mantis before 1.2.3 (XSS)
From: Kurt Seifried <kurt () seifried org>
Date: Tue, 14 Sep 2010 17:20:10 -0600
On Tue, Sep 14, 2010 at 3:09 PM, Hanno Böck <hanno () hboeck de> wrote:
> Addition: http://www.mantisbt.org/bugs/changelog_page.php?version_id=111 lists six different xss issues.

The first two of which have CVE #'s

CVE-2010-3070 - 0012312: [security] NuSOAP WSDL XSS (cross-site scripting vulnerability) in Mantis 1.2.2 (dhx) - resolved.
CVE-2010-2574 - 0012230: [security] XSS vulnerability when deleting maliciously named categories (dhx) - resolved.

These four have no CVE #:

- 0012231: [security] XSS vulnerability when uninstalling maliciously named plugins (dhx) - resolved.
- 0012232: [security] Multiple XSS issues with custom field enumeration values (dhx) - resolved.
- 0012234: [security] XSS issues when using custom field String values (dhx) - resolved.
- 0012238: [security] XSS in print_all_bug_page_word.php when printing project and category names (dhx) - resolved.

--
Kurt Seifried
kurt () seifried org
tel: 1-703-879-3176