PT-2005-3920 · Mantis · Mantis

Jose Antonio Coret +1 · Published 2005-09-28 · Updated 2016-10-18 · CVE-2005-3090

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Mantis versions 0.19.0a1 through 1.0.0a3

Description

A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the summary of a bug. This occurs because the summary is not properly quoted when the view_all_bug_page.php page is used to delete the bug.

Recommendations

For Mantis versions 0.19.0a1 through 1.0.0a3, consider updating to a version where this issue is fixed; the specific fixed version is not provided in the available data. As a temporary workaround, restrict the ability to inject arbitrary web script or HTML via the bug summary to minimize the risk of exploitation.
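The quoting failure described above, shown as an added example that is not Mantis source code: a delete-confirmation listing that writes stored summaries into HTML unencoded, next to the same listing with output encoding. The function names and the sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not Mantis code. Names and data below are hypothetical.

// Constructed sample rows standing in for bugs selected for deletion.
$bugs = [
    ['id' => 101, 'summary' => 'Login fails after password reset'],
    ['id' => 102, 'summary' => '<script>alert(1)</script>'], // untrusted summary
];

// Vulnerable pattern: the stored summary is emitted as-is, so markup in it
// is parsed by the browser of whoever opens the confirmation page.
function render_confirm_unsafe(array $bugs): string
{
    $html = "<ul>\n";
    foreach ($bugs as $bug) {
        $html .= '<li>' . $bug['id'] . ': ' . $bug['summary'] . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Hardened pattern: encode for the HTML context at output time, on every
// page that displays the field, not only on the main bug view.
function render_confirm_safe(array $bugs): string
{
    $html = "<ul>\n";
    foreach ($bugs as $bug) {
        $id = (int) $bug['id'];
        $summary = htmlspecialchars(
            $bug['summary'],
            ENT_QUOTES | ENT_SUBSTITUTE,
            'UTF-8'
        );
        $html .= '<li>' . $id . ': ' . $summary . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Regression check: no raw tag from a summary may survive encoding.
$safe = render_confirm_safe($bugs);
if (strpos($safe, '<script') !== false) {
    throw new RuntimeException('summary reached the page unencoded');
}

echo render_confirm_unsafe($bugs); // second item contains a live <script> element
echo $safe;                        // second item shows &lt;script&gt;... as text
```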

Fix


Related Identifiers

CVE-2005-3090

Affected Products

Mantis