oss-sec mailing list archives

Re: CVE request: mantis before 1.2.3 (XSS)


From: Josh Bressers <bressers () redhat com>
Date: Thu, 16 Sep 2010 16:10:27 -0400 (EDT)

----- "Kurt Seifried" <kurt () seifried org> wrote:


These four have no CVE #:
- 0012231: [security] XSS vulnerability when uninstalling maliciously named plugins (dhx) - resolved.
- 0012232: [security] Multiple XSS issues with custom field enumeration values (dhx) - resolved.
- 0012234: [security] XSS issues when using custom field String values (dhx) - resolved.
- 0012238: [security] XSS in print_all_bug_page_word.php when printing project and category names (dhx) - resolved.


I'm assigning one ID to all four of these. If someone thinks they should be
split, let me know.

Use CVE-2010-3303

Thanks.

-- 
    JB

