CVE-2005-3090

Published: Sep 28, 2005Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557.

Affected (9)

Products: Mantis: Mantis

Mantis

1 product

Mantis

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Mantis Mantis	Version 0.19.0
Mantis Mantis	Version 0.19.0_rc1
Mantis Mantis	Version 0.19.0a1
Mantis Mantis	Version 0.19.0a2
Mantis Mantis	Version 0.19.1
Mantis Mantis	Version 0.19.2
Mantis Mantis	Version 1.0.0a1
Mantis Mantis	Version 1.0.0a2
Mantis Mantis	Version 1.0.0a3

References (4)

http://marc.info/?l=bugtraq&m=112786017426276&w=2

Source: cve@mitre.org

http://www.debian.org/security/2005/dsa-778

Source: cve@mitre.org

PatchVendor Advisory

http://marc.info/?l=bugtraq&m=112786017426276&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2005/dsa-778

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.