Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2014-9269
Last Modified 12 Jan 2015 12:34:57
Published 09 Jan 2015 01:59:01
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2014-9269

Summary

Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.

Vulnerable Systems

Operating System

  • Debian Linux 7.0

Application

  • Mantisbt 1.1.0

  • Mantisbt 1.1.1

  • Mantisbt 1.1.2

  • Mantisbt 1.1.3

  • Mantisbt 1.1.4

  • Mantisbt 1.1.5

  • Mantisbt 1.1.6

  • Mantisbt 1.1.7

  • Mantisbt 1.1.8

  • Mantisbt 1.1.9

  • Mantisbt 1.2.0

  • Mantisbt 1.2.0a1

  • Mantisbt 1.2.0a2

  • Mantisbt 1.2.1

  • Mantisbt 1.2.10

  • Mantisbt 1.2.11

  • Mantisbt 1.2.12

  • Mantisbt 1.2.13

  • Mantisbt 1.2.14

  • Mantisbt 1.2.15

  • Mantisbt 1.2.16

  • Mantisbt 1.2.17

  • Mantisbt 1.2.2

  • Mantisbt 1.2.3

  • Mantisbt 1.2.4

  • Mantisbt 1.2.5

  • Mantisbt 1.2.6

  • Mantisbt 1.2.7

  • Mantisbt 1.2.8

  • Mantisbt 1.2.9


References

CONFIRM - https://www.mantisbt.org/bugs/view.php?id=17890

CONFIRM - https://github.com/mantisbt/mantisbt/commit/511564cc

DEBIAN - DSA-3120

MLIST - [oss-security] 20141204 Re: CVE Request: Multiple XSS vulnerabilities in MantisBT

MLIST - [oss-security] 20141201 CVE Request: Multiple XSS vulnerabilities in MantisBT


Last Updated: 27 May 2016 11:07:29