Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2014-9271
Last Modified: 12 Jan 2015 12:36:57
Published: 09 Jan 2015 01:59:02
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2014-9271

Summary

Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.

Vulnerable Systems

Operating System

  • Debian Linux 7.0

Application

  • Mantisbt 1.1.0

  • Mantisbt 1.1.1

  • Mantisbt 1.1.2

  • Mantisbt 1.1.3

  • Mantisbt 1.1.4

  • Mantisbt 1.1.5

  • Mantisbt 1.1.6

  • Mantisbt 1.1.7

  • Mantisbt 1.1.8

  • Mantisbt 1.1.9

  • Mantisbt 1.2.0

  • Mantisbt 1.2.1

  • Mantisbt 1.2.10

  • Mantisbt 1.2.11

  • Mantisbt 1.2.12

  • Mantisbt 1.2.13

  • Mantisbt 1.2.14

  • Mantisbt 1.2.15

  • Mantisbt 1.2.16

  • Mantisbt 1.2.17

  • Mantisbt 1.2.2

  • Mantisbt 1.2.3

  • Mantisbt 1.2.4

  • Mantisbt 1.2.5

  • Mantisbt 1.2.6

  • Mantisbt 1.2.7

  • Mantisbt 1.2.8

  • Mantisbt 1.2.9


References

CONFIRM - https://www.mantisbt.org/bugs/view.php?id=17874

CONFIRM - https://github.com/mantisbt/mantisbt/commit/9fb8cf36f

DEBIAN - DSA-3120

MLIST - [oss-security] 20141205 Re: CVE Request: Multiple XSS vulnerabilities in MantisBT

MLIST - [oss-security] 20141204 Re: CVE Request: Multiple XSS vulnerabilities in MantisBT

MLIST - [oss-security] 20141201 CVE Request: Multiple XSS vulnerabilities in MantisBT


Last Updated: 27 May 2016 11:07:29