FlexeraCVE-2010-2574

HistoryAug 10, 2010 - 12:23 p.m.

CVE-2010-2574

2010-08-1012:23:06

CWE-79

flexera

web.nvd.nist.gov

mantisbt

xss

vulnerability

remote

authenticated

administrators

web script

html

nvd

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

48.7%

JSON

Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.

Affected configurations

Nvd

Node

mantisbtmantisbtMatch1.2.2

VendorProductVersionCPE
mantisbtmantisbt1.2.2cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mantisbt	mantisbt	1.2.2	cpe:2.3:a:mantisbt:mantisbt:1.2.2:::::::*

References

lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html

lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.html

lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.html

secunia.com/advisories/40832

secunia.com/advisories/41653

secunia.com/secunia_research/2010-103/

www.mantisbt.org/bugs/changelog_page.php?version_id=111

www.mantisbt.org/bugs/view.php?id=12230

www.openwall.com/lists/oss-security/2010/09/14/12

www.openwall.com/lists/oss-security/2010/09/14/13

www.securityfocus.com/archive/1/512886/100/0/threaded

www.vupen.com/english/advisories/2010/2535

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

48.7%

JSON

Related for CVE-2010-2574