CVE-2005-3337

2005-10-2710:02:00

mitre

web.nvd.nist.gov

cve

2005

3337

xss

vulnerabilities

mantis

web script

html

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.004

Percentile

75.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.

Affected configurations

Nvd

Node

mantismantisMatch0.19.0

mantismantisMatch0.19.0_rc1

mantismantisMatch0.19.0a1

mantismantisMatch0.19.0a2

mantismantisMatch0.19.1

mantismantisMatch0.19.2

mantismantisMatch0.19.3

VendorProductVersionCPE
mantismantis0.19.0cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*
mantismantis0.19.0_rc1cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*
mantismantis0.19.0a1cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*
mantismantis0.19.0a2cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*
mantismantis0.19.1cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*
mantismantis0.19.2cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*
mantismantis0.19.3cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mantis	mantis	0.19.0	cpe:2.3:a:mantis:mantis:0.19.0:::::::*
mantis	mantis	0.19.0_rc1	cpe:2.3:a:mantis:mantis:0.19.0_rc1:::::::*
mantis	mantis	0.19.0a1	cpe:2.3:a:mantis:mantis:0.19.0a1:::::::*
mantis	mantis	0.19.0a2	cpe:2.3:a:mantis:mantis:0.19.0a2:::::::*
mantis	mantis	0.19.1	cpe:2.3:a:mantis:mantis:0.19.1:::::::*
mantis	mantis	0.19.2	cpe:2.3:a:mantis:mantis:0.19.2:::::::*
mantis	mantis	0.19.3	cpe:2.3:a:mantis:mantis:0.19.3:::::::*