Candidate: CVE-2013-0197
PublicDate: 2014-05-15 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0197
 http://www.mantisbt.org/bugs/view.php?id=15373
 http://marc.info/?l=oss-security&m=135876600302683&w=2
Description:
 Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2
 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows
 remote attackers to inject arbitrary web script or HTML via the match_type
 parameter to bugs/search.php.
Ubuntu-Description:
Notes:
 seth-arnold> marc.info URL reports 1.2.12-only
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698481
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_mantis:
 upstream: https://github.com/mantisbt/mantisbt/commit/5b491868
upstream_mantis: released (1.2.13)
hardy_mantis: ignored (reached end-of-life)
lucid_mantis: not-affected (1.1.8+dfsg-4)
oneiric_mantis: not-affected (1.2.8-1)
precise_mantis: not-affected (1.2.10-1)
quantal_mantis: not-affected (1.2.11-1.1)
devel_mantis: not-affected (1.2.11-1.2)