Candidate: CVE-2010-2574
PublicDate: 2010-08-10 12:23:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2574
 https://jira.jboss.org/browse/SOA-2105
Description:
 Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in
 MantisBT 1.2.2 allows remote authenticated administrators to inject
 arbitrary web script or HTML via the name parameter in an Add Category
 action.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595510
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_mantis:
 upstream: http://git.mantisbt.org/?p=mantisbt.git;a=commitdiff;h=083c34f06ca927b16e781bae3ae324f450c35ea4
upstream_mantis: released (1.2.3)
dapper_mantis: ignored (reached end-of-life)
hardy_mantis: ignored (reached end-of-life)
jaunty_mantis: ignored (reached end-of-life)
karmic_mantis: ignored (reached end-of-life)
lucid_mantis: ignored (reached end-of-life)
maverick_mantis: not-affected (1.1.8+dfsg-6)
natty_mantis: not-affected (1.1.8+dfsg-6)
oneiric_mantis: not-affected (1.1.8+dfsg-6)
precise_mantis: not-affected (1.1.8+dfsg-6)
quantal_mantis: not-affected (1.1.8+dfsg-6)
raring_mantis: not-affected (1.1.8+dfsg-6)
saucy_mantis: not-affected (1.1.8+dfsg-6)
devel_mantis: DNE