Page 14 of 115 results (0.012 seconds)

CVSS: 4.3EPSS: 0%CPEs: 40EXPL: 0

The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol. La función string_insert_href en MantisBT 1.2.0a1 hasta 1.2.x anterior a 1.2.18 no valida correctamente el protocolo de URLs, lo que permite a atacantes remotos realizar ataques de XSS a través del protocolo javascript://. • http://seclists.org/oss-sec/2014/q4/867 http://seclists.org/oss-sec/2014/q4/902 http://secunia.com/advisories/62101 http://www.debian.org/security/2015/dsa-3120 https://github.com/mantisbt/mantisbt/commit/05378e00 https://www.mantisbt.org/bugs/view.php?id=17297 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.6EPSS: 0%CPEs: 42EXPL: 0

Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie. Vulnerabilidad de XSS en helper_api.php en MantisBT 1.1.0a1 hasta 1.2.x anterior a 1.2.18, cuando el navegador de proyectos extendidos está habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cookie de proyectos. • http://seclists.org/oss-sec/2014/q4/867 http://seclists.org/oss-sec/2014/q4/902 http://secunia.com/advisories/62101 http://www.debian.org/security/2015/dsa-3120 https://github.com/mantisbt/mantisbt/commit/511564cc https://www.mantisbt.org/bugs/view.php?id=17890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different vulnerability than CVE-2014-8986. Vulnerabilidad de XSS en la casilla 'set configuration' en la página Configuration Report (adm_config_report.php) en MantisBT 1.2.13 hasta la versión 1.2.17, permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro config_option, una vulnerabilidad diferente a CVE-2014-8986. • http://www.mantisbt.org/bugs/view.php?id=17870 http://www.openwall.com/lists/oss-security/2014/11/14/9 http://www.openwall.com/lists/oss-security/2014/11/15/2 http://www.openwall.com/lists/oss-security/2014/11/15/3 http://www.openwall.com/lists/oss-security/2014/11/15/4 http://www.openwall.com/lists/oss-security/2014/11/19/21 https://github.com/mantisbt/mantisbt/commit/49c3d089 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0

MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues. MantisBT anterior a 1.2.18 no comprueba correctamente los permisos cuando envía una email que indica cuando un problema monitorizado está relacionado con otro problema, lo que permite a usuarios remotos autenticados obtener información sensible sobre los problemas restringidos. • http://seclists.org/oss-sec/2014/q4/955 http://secunia.com/advisories/62101 http://www.debian.org/security/2015/dsa-3120 https://www.mantisbt.org/bugs/changelog_page.php?version_id=191 https://www.mantisbt.org/bugs/view.php?id=9885 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter. bug_report.php en MantisBT anterior a 1.2.18 permite a atacantes remotos a asignar código arbitrario mediante el parámetro handler_id. • http://seclists.org/oss-sec/2014/q4/955 http://secunia.com/advisories/62101 http://www.debian.org/security/2015/dsa-3120 https://www.mantisbt.org/bugs/changelog_page.php?version_id=191 https://www.mantisbt.org/bugs/view.php?id=17878 • CWE-284: Improper Access Control •