CVE-2011-2938
Published: 21 September 2011
Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php.
Notes
Author | Note |
---|---|
jdstrand | per Debian, 1.1.8 not affected |
Priority
Status
Package | Release | Status |
---|---|---|
mantis Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
upstream |
Released
(1.2.6-1, 1.2.7)
|
|
Patches: other: https://github.com/mantisbt/mantisbt/commit/317f3db3a3c68775de3acf3b15f55b1e3c18f93b |