Lucene search

RedhatCVE-2013-4460

HistoryJan 10, 2014 - 3:55 p.m.

CVE-2013-4460

2014-01-1015:55:03

CWE-79

redhat

web.nvd.nist.gov

cve-2013-4460

xss

vulnerability

mantisbt

web security

nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON

Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name.

Affected configurations

Nvd

Node

mantisbtmantisbtMatch1.0.0

mantisbtmantisbtMatch1.0.0a1

mantisbtmantisbtMatch1.0.0a2

mantisbtmantisbtMatch1.0.0a3

mantisbtmantisbtMatch1.0.0rc1

mantisbtmantisbtMatch1.0.0rc2

mantisbtmantisbtMatch1.0.0rc3

mantisbtmantisbtMatch1.0.0rc4

mantisbtmantisbtMatch1.0.0rc5

mantisbtmantisbtMatch1.0.1

mantisbtmantisbtMatch1.0.2

mantisbtmantisbtMatch1.0.3

mantisbtmantisbtMatch1.0.4

mantisbtmantisbtMatch1.0.5

mantisbtmantisbtMatch1.0.6

mantisbtmantisbtMatch1.0.7

mantisbtmantisbtMatch1.0.8

mantisbtmantisbtMatch1.0.9

mantisbtmantisbtMatch1.1.0

mantisbtmantisbtMatch1.1.0a1

mantisbtmantisbtMatch1.1.0a2

mantisbtmantisbtMatch1.1.0a3

mantisbtmantisbtMatch1.1.0a4

mantisbtmantisbtMatch1.1.0rc1

mantisbtmantisbtMatch1.1.0rc2

mantisbtmantisbtMatch1.1.0rc3

mantisbtmantisbtMatch1.1.1

mantisbtmantisbtMatch1.1.2

mantisbtmantisbtMatch1.1.3

mantisbtmantisbtMatch1.1.4

mantisbtmantisbtMatch1.1.5

mantisbtmantisbtMatch1.1.6

mantisbtmantisbtMatch1.1.7

mantisbtmantisbtMatch1.1.8

mantisbtmantisbtMatch1.1.9

mantisbtmantisbtMatch1.2.0

mantisbtmantisbtMatch1.2.0alpha1

mantisbtmantisbtMatch1.2.0alpha2

mantisbtmantisbtMatch1.2.0alpha3

mantisbtmantisbtMatch1.2.0rc1

mantisbtmantisbtMatch1.2.0rc2

mantisbtmantisbtMatch1.2.1

mantisbtmantisbtMatch1.2.2

mantisbtmantisbtMatch1.2.3

mantisbtmantisbtMatch1.2.4

mantisbtmantisbtMatch1.2.5

mantisbtmantisbtMatch1.2.6

mantisbtmantisbtMatch1.2.7

mantisbtmantisbtMatch1.2.8

mantisbtmantisbtMatch1.2.9

mantisbtmantisbtMatch1.2.10

mantisbtmantisbtMatch1.2.11

mantisbtmantisbtMatch1.2.13

mantisbtmantisbtMatch1.2.14

mantisbtmantisbtMatch1.2.15

VendorProductVersionCPE
mantisbtmantisbt1.0.0cpe:2.3:a:mantisbt:mantisbt:1.0.0:*:*:*:*:*:*:*
mantisbtmantisbt1.0.0cpe:2.3:a:mantisbt:mantisbt:1.0.0:a1:*:*:*:*:*:*
mantisbtmantisbt1.0.0cpe:2.3:a:mantisbt:mantisbt:1.0.0:a2:*:*:*:*:*:*
mantisbtmantisbt1.0.0cpe:2.3:a:mantisbt:mantisbt:1.0.0:a3:*:*:*:*:*:*
mantisbtmantisbt1.0.0cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc1:*:*:*:*:*:*
mantisbtmantisbt1.0.0cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc2:*:*:*:*:*:*
mantisbtmantisbt1.0.0cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc3:*:*:*:*:*:*
mantisbtmantisbt1.0.0cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc4:*:*:*:*:*:*
mantisbtmantisbt1.0.0cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc5:*:*:*:*:*:*
mantisbtmantisbt1.0.1cpe:2.3:a:mantisbt:mantisbt:1.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mantisbt	mantisbt	1.0.0	cpe:2.3:a:mantisbt:mantisbt:1.0.0:::::::*
mantisbt	mantisbt	1.0.0	cpe:2.3:a:mantisbt:mantisbt:1.0.0:a1::::::
mantisbt	mantisbt	1.0.0	cpe:2.3:a:mantisbt:mantisbt:1.0.0:a2::::::
mantisbt	mantisbt	1.0.0	cpe:2.3:a:mantisbt:mantisbt:1.0.0:a3::::::
mantisbt	mantisbt	1.0.0	cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc1::::::
mantisbt	mantisbt	1.0.0	cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc2::::::
mantisbt	mantisbt	1.0.0	cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc3::::::
mantisbt	mantisbt	1.0.0	cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc4::::::
mantisbt	mantisbt	1.0.0	cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc5::::::
mantisbt	mantisbt	1.0.1	cpe:2.3:a:mantisbt:mantisbt:1.0.1:::::::*