Page 23 of 113 results (0.003 seconds)

CVSS: 3.5EPSS: 0%CPEs: 37EXPL: 0

Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en MantisBT antes de v1.2.2 permite a los usuarios remotos autenticados inyectar HTML o scripts web a través de un documento HTML con una extensión .gif . Se trata de un problema relacionado con los archivos adjuntos en línea. • http://www.mantisbt.org/blog/?p=113 http://www.mantisbt.org/bugs/view.php?id=11952 http://www.openwall.com/lists/oss-security/2010/08/02/16 http://www.openwall.com/lists/oss-security/2010/08/03/7 https://bugzilla.redhat.com/show_bug.cgi?id=620992 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en manage_proj_cat_add.php en MantisBT v1.2.2 permite a administradores autenticados remotamente inyectar código web o HTML de su elección a través del parámetro "name" en una acción "Add Category". • http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.html http://secunia.com/advisories/40832 http://secunia.com/advisories/41653 http://secunia.com/secunia_research/2010-103 http://www.mantisbt.org/bugs/changelog_page.php?version_id=111 http://www.mantisbt.org/bugs/view.php?id=12230 http://www.openwal • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. Mantis versiones 1.1.x hasta 1.1.2 y versiones 1.2.x hasta 1.2.0a2, no establece el flag de seguridad para la cookie de sesión en https, lo que puede causar que la cookie se envíe en peticiones http y haga mas fácil para los atacantes remotos la captura esta cookie. • http://int21.de/cve/CVE-2008-3102-mantis.html http://secunia.com/advisories/32243 http://secunia.com/advisories/32330 http://secunia.com/advisories/32975 http://securityreason.com/securityalert/4298 http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml http://www.securityfocus.com/archive/1/496625/100/0/threaded http://www.securityfocus.com/archive/1/496684/100/0/threaded http://www.securityfocus.com/bid/31344 https://exchange.xforce.ibmcloud.com/vulnerabilities/45395 h • CWE-310: Cryptographic Issues •