Lucene search

MitreCVE-2010-3763

HistoryOct 05, 2010 - 10:00 p.m.

CVE-2010-3763

2010-10-0522:00:06

CWE-79

mitre

web.nvd.nist.gov

cve-2010-3763

cross-site scripting

xss

mantisbt

summary field

web script

html

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.003

Percentile

70.6%

JSON

Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than CVE-2010-3303.

Affected configurations

Nvd

Node

mantisbtmantisbtRange≤1.2.2

mantisbtmantisbtMatch0.18.0

mantisbtmantisbtMatch0.19.0

mantisbtmantisbtMatch0.19.0rc1

mantisbtmantisbtMatch0.19.0a1

mantisbtmantisbtMatch0.19.0a2

mantisbtmantisbtMatch0.19.1

mantisbtmantisbtMatch0.19.2

mantisbtmantisbtMatch0.19.3

mantisbtmantisbtMatch0.19.4

mantisbtmantisbtMatch0.19.5

mantisbtmantisbtMatch1.0.0

mantisbtmantisbtMatch1.0.0rc1

mantisbtmantisbtMatch1.0.0rc2

mantisbtmantisbtMatch1.0.0rc3

mantisbtmantisbtMatch1.0.0rc4

mantisbtmantisbtMatch1.0.0rc5

mantisbtmantisbtMatch1.0.0a1

mantisbtmantisbtMatch1.0.0a2

mantisbtmantisbtMatch1.0.0a3

mantisbtmantisbtMatch1.0.1

mantisbtmantisbtMatch1.0.2

mantisbtmantisbtMatch1.0.3

mantisbtmantisbtMatch1.0.4

mantisbtmantisbtMatch1.0.5

mantisbtmantisbtMatch1.0.6

mantisbtmantisbtMatch1.0.7

mantisbtmantisbtMatch1.0.8

mantisbtmantisbtMatch1.1.0

mantisbtmantisbtMatch1.1.1

mantisbtmantisbtMatch1.1.2

mantisbtmantisbtMatch1.1.4

mantisbtmantisbtMatch1.1.5

mantisbtmantisbtMatch1.1.6

mantisbtmantisbtMatch1.1.7

mantisbtmantisbtMatch1.1.8

mantisbtmantisbtMatch1.2.0

mantisbtmantisbtMatch1.2.1

VendorProductVersionCPE
mantisbtmantisbt*cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*
mantisbtmantisbt0.18.0cpe:2.3:a:mantisbt:mantisbt:0.18.0:*:*:*:*:*:*:*
mantisbtmantisbt0.19.0cpe:2.3:a:mantisbt:mantisbt:0.19.0:*:*:*:*:*:*:*
mantisbtmantisbt0.19.0cpe:2.3:a:mantisbt:mantisbt:0.19.0:rc1:*:*:*:*:*:*
mantisbtmantisbt0.19.0a1cpe:2.3:a:mantisbt:mantisbt:0.19.0a1:*:*:*:*:*:*:*
mantisbtmantisbt0.19.0a2cpe:2.3:a:mantisbt:mantisbt:0.19.0a2:*:*:*:*:*:*:*
mantisbtmantisbt0.19.1cpe:2.3:a:mantisbt:mantisbt:0.19.1:*:*:*:*:*:*:*
mantisbtmantisbt0.19.2cpe:2.3:a:mantisbt:mantisbt:0.19.2:*:*:*:*:*:*:*
mantisbtmantisbt0.19.3cpe:2.3:a:mantisbt:mantisbt:0.19.3:*:*:*:*:*:*:*
mantisbtmantisbt0.19.4cpe:2.3:a:mantisbt:mantisbt:0.19.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mantisbt	mantisbt	*	cpe:2.3:a:mantisbt:mantisbt::::::::
mantisbt	mantisbt	0.18.0	cpe:2.3:a:mantisbt:mantisbt:0.18.0:::::::*
mantisbt	mantisbt	0.19.0	cpe:2.3:a:mantisbt:mantisbt:0.19.0:::::::*
mantisbt	mantisbt	0.19.0	cpe:2.3:a:mantisbt:mantisbt:0.19.0:rc1::::::
mantisbt	mantisbt	0.19.0a1	cpe:2.3:a:mantisbt:mantisbt:0.19.0a1:::::::*
mantisbt	mantisbt	0.19.0a2	cpe:2.3:a:mantisbt:mantisbt:0.19.0a2:::::::*
mantisbt	mantisbt	0.19.1	cpe:2.3:a:mantisbt:mantisbt:0.19.1:::::::*
mantisbt	mantisbt	0.19.2	cpe:2.3:a:mantisbt:mantisbt:0.19.2:::::::*
mantisbt	mantisbt	0.19.3	cpe:2.3:a:mantisbt:mantisbt:0.19.3:::::::*
mantisbt	mantisbt	0.19.4	cpe:2.3:a:mantisbt:mantisbt:0.19.4:::::::*