CVE-2011-2938

Name of the Vulnerable Software and Affected Versions MantisBT versions prior to 1.2.7

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via a parameter. For example, the project id parameter to the "search.php" endpoint is vulnerable. This could potentially lead to malicious script execution.

Recommendations For versions prior to 1.2.7, update to version 1.2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the filter api.php file and the search.php endpoint to minimize the risk of exploitation. Avoid using the project id parameter in the affected endpoint until the issue is resolved.