Candidate: CVE-2013-1810
PublicDate: 2014-05-15 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1810
 http://www.openwall.com/lists/oss-security/2013/03/03/7
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php
 in MantisBT 1.2.12 allow remote authenticated users with manager or
 administrator permissions to inject arbitrary web script or HTML via a (1)
 category name in the summary_print_by_category function or (2) project name
 in the summary_print_by_project function.
Ubuntu-Description:
Notes:
 seth-arnold> only 1.2.12 was affected
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_mantis:
upstream_mantis: released (1.2.13)
hardy_mantis: not-affected (1.0.8-4ubuntu0.1)
lucid_mantis: not-affected (1.1.8+dfsg-4)
oneiric_mantis: not-affected (1.2.8-1)
precise_mantis: not-affected (1.2.10-1)
quantal_mantis: not-affected (1.2.11-1.1)
devel_mantis: not-affected (1.2.11-1.2)