CVE-2011-3358

Published: Sep 21, 2011Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of the Projax library.

Affected (27)

Products: Mantisbt: Mantisbt

1 product

Configuration A

27 vulnerable

Vulnerable Software	Affected Versions
Mantisbt Mantisbt	Up to 1.2.7
Mantisbt Mantisbt	Version 0.19.3
Mantisbt Mantisbt	Version 0.19.4
Mantisbt Mantisbt	Version 1.0.0
Mantisbt Mantisbt	Version 1.0.1
Mantisbt Mantisbt	Version 1.0.2
Mantisbt Mantisbt	Version 1.0.3
Mantisbt Mantisbt	Version 1.0.4
Mantisbt Mantisbt	Version 1.0.5
Mantisbt Mantisbt	Version 1.0.6
Mantisbt Mantisbt	Version 1.0.7
Mantisbt Mantisbt	Version 1.0.8
Mantisbt Mantisbt	Version 1.1.0
Mantisbt Mantisbt	Version 1.1.1
Mantisbt Mantisbt	Version 1.1.2
Mantisbt Mantisbt	Version 1.1.4
Mantisbt Mantisbt	Version 1.1.5
Mantisbt Mantisbt	Version 1.1.6
Mantisbt Mantisbt	Version 1.1.7
Mantisbt Mantisbt	Version 1.1.8
Mantisbt Mantisbt	Version 1.2.0
Mantisbt Mantisbt	Version 1.2.1
Mantisbt Mantisbt	Version 1.2.2
Mantisbt Mantisbt	Version 1.2.3
Mantisbt Mantisbt	Version 1.2.4
Mantisbt Mantisbt	Version 1.2.5
Mantisbt Mantisbt	Version 1.2.6

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (32)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297

Source: secalert@redhat.com

ExploitPatch

http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html

Source: secalert@redhat.com

Exploit

http://secunia.com/advisories/45961

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/51199

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-201211-01.xml

Source: secalert@redhat.com

http://securityreason.com/securityalert/8392

Source: secalert@redhat.com

http://www.debian.org/security/2011/dsa-2308

Source: secalert@redhat.com

ExploitPatch

http://www.openwall.com/lists/oss-security/2011/09/04/1

Source: secalert@redhat.com

Exploit

http://www.openwall.com/lists/oss-security/2011/09/09/9

Source: secalert@redhat.com

Exploit

http://www.securityfocus.com/archive/1/519547/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/49448

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=735514

Source: secalert@redhat.com

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/69589

Source: secalert@redhat.com

https://github.com/mantisbt/mantisbt/commit/0a636b37d3425aea7b781e7f25eaeb164ac54a3d

Source: secalert@redhat.com

Patch

https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html

Source: secalert@redhat.com

Exploit

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://secunia.com/advisories/45961

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/51199

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-201211-01.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/8392

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2011/dsa-2308

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://www.openwall.com/lists/oss-security/2011/09/04/1

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.openwall.com/lists/oss-security/2011/09/09/9

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/archive/1/519547/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/49448

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=735514

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/69589

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/mantisbt/mantisbt/commit/0a636b37d3425aea7b781e7f25eaeb164ac54a3d

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.