Lucene search
HistorySep 28, 2005 - 9:03 p.m.
CVE-2005-2557
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.4
Confidence
High
EPSS
0.005
Percentile
76.9%
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
Affected configurations
Node
mantismantisMatch0.19.0
ORmantismantisMatch0.19.0_rc1
ORmantismantisMatch0.19.0a1
ORmantismantisMatch0.19.0a2
ORmantismantisMatch0.19.1
ORmantismantisMatch0.19.2
ORmantismantisMatch1.0.0a1
ORmantismantisMatch1.0.0a2
ORmantismantisMatch1.0.0a3
Node
debiandebian_linuxMatch3.1
ORdebiandebian_linuxMatch3.1alpha
ORdebiandebian_linuxMatch3.1amd64
ORdebiandebian_linuxMatch3.1arm
ORdebiandebian_linuxMatch3.1hppa
ORdebiandebian_linuxMatch3.1ia-32
ORdebiandebian_linuxMatch3.1ia-64
ORdebiandebian_linuxMatch3.1m68k
ORdebiandebian_linuxMatch3.1mips
ORdebiandebian_linuxMatch3.1mipsel
ORdebiandebian_linuxMatch3.1ppc
ORdebiandebian_linuxMatch3.1s-390
ORdebiandebian_linuxMatch3.1sparc
ORgentoolinux
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mantis | mantis | 0.19.0 | cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:* |
| mantis | mantis | 0.19.0_rc1 | cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:* |
| mantis | mantis | 0.19.0a1 | cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:* |
| mantis | mantis | 0.19.0a2 | cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:* |
| mantis | mantis | 0.19.1 | cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:* |
| mantis | mantis | 0.19.2 | cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:* |
| mantis | mantis | 1.0.0a1 | cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:* |
| mantis | mantis | 1.0.0a2 | cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:* |
| mantis | mantis | 1.0.0a3 | cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:* |
| debian | debian_linux | 3.1 | cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2005-2557
2005-09-28 00:00:00
CVE-2005-3090
2005-09-28 00:00:00
cvelist
cvelist
CVE-2005-2557
2005-09-28 04:00:00
CVE-2005-3090
2005-09-28 04:00:00
cve
cve
CVE-2005-2557
2005-09-28 21:03:00
CVE-2005-3090
2005-09-28 22:03:00
nvd
nvd
CVE-2005-3090
2005-09-28 22:03:00
osv
osv
mantis - missing input sanitising
2005-08-19 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-778-1)
2008-01-17 00:00:00
MantisBT < 1.0.0rc2 Multiple Vulnerabilities
2006-03-26 00:00:00
Mantis Multiple Flaws (4)
2006-03-26 00:00:00
nessus
nessus
Mantis < 1.0.0rc2 Multiple Vulnerabilities
2005-08-22 00:00:00
Debian DSA-778-1 : mantis - missing input sanitising
2005-08-23 00:00:00
GLSA-200509-16 : Mantis: XSS and SQL injection vulnerabilities
2005-10-05 00:00:00
exploitdb
exploitdb
Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities
2005-08-19 00:00:00
debian
debian
[SECURITY] [DSA 778-1] New mantis packages fix several vulnerabilities
2005-08-19 13:59:56
[SECURITY] [DSA 778-1] New mantis packages fix several vulnerabilities
2005-08-19 13:59:56
securityvulns
securityvulns
[SECURITY] [DSA 778-1] New mantis packages fix several vulnerabilities
2005-08-19 00:00:00
gentoo
gentoo
Mantis: XSS and SQL injection vulnerabilities
2005-09-24 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.4
Confidence
High
EPSS
0.005
Percentile
76.9%
Related for NVD:CVE-2005-2557