Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2006-0841
Last Modified: 05 Sep 2008 05:00:21
Published: 21 Feb 2006 09:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-0841

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.

Vulnerable Systems

Application

  • Mantis 0.10

  • Mantis 0.10.0

  • Mantis 0.10.1

  • Mantis 0.10.2

  • Mantis 0.11

  • Mantis 0.11.0

  • Mantis 0.11.1

  • Mantis 0.12

  • Mantis 0.12.0

  • Mantis 0.13

  • Mantis 0.13.0

  • Mantis 0.13.1

  • Mantis 0.14

  • Mantis 0.14.0

  • Mantis 0.14.1

  • Mantis 0.14.2

  • Mantis 0.14.3

  • Mantis 0.14.4

  • Mantis 0.14.5

  • Mantis 0.14.6

  • Mantis 0.14.7

  • Mantis 0.14.8

  • Mantis 0.15

  • Mantis 0.15.0

  • Mantis 0.15.1

  • Mantis 0.15.2

  • Mantis 0.16

  • Mantis 0.16.0

  • Mantis 0.17

  • Mantis 0.17.0

  • Mantis 0.17.4a

  • Mantis 0.18

  • Mantis 0.18.0

  • Mantis 0.18.0 Rc1

  • Mantis 0.18.0a1

  • Mantis 0.18.0a2

  • Mantis 0.18.0a3

  • Mantis 0.18.0a4

  • Mantis 0.18.1

  • Mantis 0.18.2

  • Mantis 0.18.3

  • Mantis 0.18a1

  • Mantis 0.19.0

  • Mantis 0.19.0 Rc1

  • Mantis 0.19.0a

  • Mantis 0.19.0a1

  • Mantis 0.19.0a2

  • Mantis 0.19.1

  • Mantis 0.19.2

  • Mantis 0.19.3

  • Mantis 0.19.4

  • Mantis 0.9

  • Mantis 0.9.0

  • Mantis 0.9.1

  • Mantis 1.0.0 Rc1

  • Mantis 1.0.0 Rc2

  • Mantis 1.0.0 Rc3

  • Mantis 1.0.0 Rc4

  • Mantis 1.0.0a1

  • Mantis 1.0.0a2

  • Mantis 1.0.0a3


References

BUGTRAQ - 20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4

MISC - http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963

MISC - http://morph3us.org/advisories/20060214-mantis-100rc4.txt

OSVDB - 23248

MISC - http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059

BID - 16657

OSVDB - 22487

DEBIAN - DSA-1133

SECUNIA - 21400


Last Updated: 27 May 2016 10:41:49