Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0197

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-0197
Last Modified 16 May 2014 08:44:36
Published 15 May 2014 10:55:06
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-0197

Summary

Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or HTML via the match_type parameter to bugs/search.php.

Vulnerable Systems

Application

  • Mantisbt 1.2.12

  • Mantisbt 1.2.13


References

CONFIRM - http://www.mantisbt.org/bugs/view.php?id=15373

SECUNIA - 51853

MLIST - [oss-security] 20130121 Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability

MLIST - [oss-security] 20130118 Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability

MLIST - [oss-security] 20130118 CVE request: MantisBT before 1.2.13 match_type XSS vulnerability

MISC - http://hauntit.blogspot.de/2013/01/en-mantis-bug-tracker-1212-persistent.html


Last Updated: 27 May 2016 11:05:18