CVE-2011-3356

Published: Sep 21, 2011Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php.

Affected (27)

Products: Mantisbt: Mantisbt

1 product

Configuration A

27 vulnerable

Vulnerable Software	Affected Versions
Mantisbt Mantisbt	Up to 1.2.7
Mantisbt Mantisbt	Version 0.19.3
Mantisbt Mantisbt	Version 0.19.4
Mantisbt Mantisbt	Version 1.0.0
Mantisbt Mantisbt	Version 1.0.1
Mantisbt Mantisbt	Version 1.0.2
Mantisbt Mantisbt	Version 1.0.3
Mantisbt Mantisbt	Version 1.0.4
Mantisbt Mantisbt	Version 1.0.5
Mantisbt Mantisbt	Version 1.0.6
Mantisbt Mantisbt	Version 1.0.7
Mantisbt Mantisbt	Version 1.0.8
Mantisbt Mantisbt	Version 1.1.0
Mantisbt Mantisbt	Version 1.1.1
Mantisbt Mantisbt	Version 1.1.2
Mantisbt Mantisbt	Version 1.1.4
Mantisbt Mantisbt	Version 1.1.5
Mantisbt Mantisbt	Version 1.1.6
Mantisbt Mantisbt	Version 1.1.7
Mantisbt Mantisbt	Version 1.1.8
Mantisbt Mantisbt	Version 1.2.0
Mantisbt Mantisbt	Version 1.2.1
Mantisbt Mantisbt	Version 1.2.2
Mantisbt Mantisbt	Version 1.2.3
Mantisbt Mantisbt	Version 1.2.4
Mantisbt Mantisbt	Version 1.2.5
Mantisbt Mantisbt	Version 1.2.6

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (32)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297

Source: secalert@redhat.com

ExploitPatch

http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html

Source: secalert@redhat.com

Exploit

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html

Source: secalert@redhat.com

ExploitPatch

http://secunia.com/advisories/51199

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-201211-01.xml

Source: secalert@redhat.com

http://securityreason.com/securityalert/8392

Source: secalert@redhat.com

http://www.mantisbt.org/bugs/view.php?id=13191

Source: secalert@redhat.com

Exploit

http://www.mantisbt.org/bugs/view.php?id=13281

Source: secalert@redhat.com

Exploit

http://www.openwall.com/lists/oss-security/2011/09/04/1

Source: secalert@redhat.com

Exploit

http://www.openwall.com/lists/oss-security/2011/09/09/9

Source: secalert@redhat.com

Exploit

http://www.securityfocus.com/archive/1/519547/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/49448

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=735514

Source: secalert@redhat.com

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/69587

Source: secalert@redhat.com

https://github.com/mantisbt/mantisbt/commit/d00745f5e267eba4ca34286d125de685bc3a8034

Source: secalert@redhat.com

Patch

https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html

Source: secalert@redhat.com

Exploit

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://secunia.com/advisories/51199

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-201211-01.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/8392

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mantisbt.org/bugs/view.php?id=13191

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.mantisbt.org/bugs/view.php?id=13281

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.openwall.com/lists/oss-security/2011/09/04/1

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.openwall.com/lists/oss-security/2011/09/09/9

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/archive/1/519547/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/49448

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=735514

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/69587

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/mantisbt/mantisbt/commit/d00745f5e267eba4ca34286d125de685bc3a8034

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.