Candidate: CVE-2010-3303
PublicDate: 2010-10-05 22:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3303
 http://www.mantisbt.org/bugs/changelog_page.php?version_id=111
 http://www.openwall.com/lists/oss-security/2010/09/14/12
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before
 1.2.3 allow remote authenticated administrators to inject arbitrary web
 script or HTML via (1) a plugin name, related to
 manage_plugin_uninstall.php; (2) an enumeration value or (3) a String
 value of a custom field, related to core/cfdefs/cfdef_standard.php; or a
 (4) project or (5) category name to print_all_bug_page_word.php.
Ubuntu-Description:
Notes:
Bugs:
 http://www.mantisbt.org/bugs/view.php?id=12238
 http://www.mantisbt.org/bugs/view.php?id=12234
 http://www.mantisbt.org/bugs/view.php?id=12232
 http://www.mantisbt.org/bugs/view.php?id=12231
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_mantis:
upstream_mantis: released (1.2.3)
dapper_mantis: ignored (reached end-of-life)
hardy_mantis: ignored (reached end-of-life)
jaunty_mantis: ignored (reached end-of-life)
karmic_mantis: ignored (reached end-of-life)
lucid_mantis: ignored (reached end-of-life)
maverick_mantis: ignored (reached end-of-life)
natty_mantis: ignored (reached end-of-life)
oneiric_mantis: not-affected (1.2.8-1)
precise_mantis: not-affected (1.2.8-1)
quantal_mantis: not-affected (1.2.8-1)
raring_mantis: not-affected (1.2.8-1)
saucy_mantis: not-affected (1.2.8-1)
devel_mantis: DNE