CVSS: 6.1EPSS: 0%CPEs: 38EXPL: 0CVE-2010-3763
https://notcve.org/view.php?id=CVE-2010-3763
05 Oct 2010 — Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than CVE-2010-3303. Una vulnerabilidad de ejecución de comandos en sitios cruzados en core/summary_api.php en MantisBT antes de la versión v1.2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo de 'Summary'. Se trata de un problema diferente al de CVE-2010-3303. • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 38EXPL: 0CVE-2010-3303
https://notcve.org/view.php?id=CVE-2010-3303
05 Oct 2010 — Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en MantisBT antes de v1.2.3 permite... • http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-2574
https://notcve.org/view.php?id=CVE-2010-2574
09 Aug 2010 — Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en manage_proj_cat_add.php en MantisBT v1.2.2 permite a administradores autenticados remotamente inyectar código web o HTML de su elección a través del parámetro "name" en una acción "Add Category". • http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •