PT-2005-4147 · Mantis · Mantis
Published: 2005-10-27 · Updated: 2008-09-05
CVE-2005-3337
CVSS v2.0: 4.3 (Medium)
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Mantis versions prior to 0.19.3
Description
The issue involves multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. This is possible via unknown vectors involving JavaScript and the 'mantis/view_all_set.php' endpoint.
Recommendations
For versions prior to 0.19.3, update to version 0.19.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'mantis/view_all_set.php' endpoint until a patch is available. Avoid using JavaScript in unknown vectors in the affected versions until the issue is resolved.
Fix
Related identifiers
Affected products
Mantis