CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS
Percentile
51.1%
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before
1.2.3 allow remote authenticated administrators to inject arbitrary web
script or HTML via (1) a plugin name, related to
manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value
of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4)
project or (5) category name to print_all_bug_page_word.php.