PT-2005-3920 · Mantis · Mantis

Jose Antonio Coret +1 · Published 2005-09-28 · Updated 2016-10-18 · CVE-2005-3090

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Mantis versions 0.19.0a1 through 1.0.0a3

Description

A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the summary of a bug. This occurs because the summary is not properly quoted when the view_all_bug_page.php page is used to delete the bug.

Recommendations

For Mantis versions 0.19.0a1 through 1.0.0a3, consider updating to a version in which this issue is fixed; the specific fixed version is not provided in the available data. As a temporary workaround, restrict the ability to inject arbitrary web script or HTML via the bug summary to minimize the risk of exploitation.

Related identifiers

CVE-2005-3090

Affected products

Mantis