CVE Vulnerabilities

CVE-2005-3090

Published: Sep 28, 2005 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557.

Affected Software

Name Vendor Start Version End Version
Mantis Mantis 0.19.0 (including) 0.19.0 (including)
Mantis Mantis 0.19.0_rc1 (including) 0.19.0_rc1 (including)
Mantis Mantis 0.19.0a1 (including) 0.19.0a1 (including)
Mantis Mantis 0.19.0a2 (including) 0.19.0a2 (including)
Mantis Mantis 0.19.1 (including) 0.19.1 (including)
Mantis Mantis 0.19.2 (including) 0.19.2 (including)
Mantis Mantis 1.0.0a1 (including) 1.0.0a1 (including)
Mantis Mantis 1.0.0a2 (including) 1.0.0a2 (including)
Mantis Mantis 1.0.0a3 (including) 1.0.0a3 (including)
Mantis Ubuntu dapper *
Mantis Ubuntu devel *
Mantis Ubuntu edgy *
Mantis Ubuntu feisty *

References