Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1730

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-1730
Last Modified 05 Sep 2008 04:42:11
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-1730

Summary

Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.

Vulnerable Systems

Application

  • Mantis 0.10

  • Mantis 0.10.1

  • Mantis 0.10.2

  • Mantis 0.11

  • Mantis 0.11.1

  • Mantis 0.12

  • Mantis 0.13

  • Mantis 0.13.1

  • Mantis 0.14

  • Mantis 0.14.1

  • Mantis 0.14.2

  • Mantis 0.14.3

  • Mantis 0.14.4

  • Mantis 0.14.5

  • Mantis 0.14.6

  • Mantis 0.14.7

  • Mantis 0.14.8

  • Mantis 0.15

  • Mantis 0.15.1

  • Mantis 0.15.10

  • Mantis 0.15.11

  • Mantis 0.15.12

  • Mantis 0.15.2

  • Mantis 0.15.3

  • Mantis 0.15.4

  • Mantis 0.15.5

  • Mantis 0.15.6

  • Mantis 0.15.7

  • Mantis 0.15.8

  • Mantis 0.15.9

  • Mantis 0.16

  • Mantis 0.16.0

  • Mantis 0.16.1

  • Mantis 0.17

  • Mantis 0.17.0

  • Mantis 0.17.1

  • Mantis 0.17.2

  • Mantis 0.17.3

  • Mantis 0.17.4

  • Mantis 0.17.4a

  • Mantis 0.17.5

  • Mantis 0.18

  • Mantis 0.18.0 Rc1

  • Mantis 0.18.0a2

  • Mantis 0.18.0a3

  • Mantis 0.18.0a4

  • Mantis 0.18a1

  • Mantis 0.19.0a

  • Mantis 0.9

  • Mantis 0.9.1


References

SECUNIA - 12338

XF - mantis-viewallset-xss(17072)

XF - mantis-loginselectprojpage-xss(17070)

XF - mantis-signup-xss(17069)

XF - mantis-loginpage-xss(17066)

BID - 10994

BUGTRAQ - 20040820 Multiple Vulnerabilities in Mantis Bugtracker


Last Updated: 27 May 2016 10:39:09