fkie_nvd - fkie_cve-2011-3356

fkie_cve-2011-3356

Vulnerability from fkie_nvd

Published

2011-09-21 16:55

Modified

2024-11-21 01:30

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php.

References

URL	Tags
secalert@redhat.com	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297	Exploit, Patch
secalert@redhat.com	http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html	Exploit
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html	Exploit, Patch
secalert@redhat.com	http://secunia.com/advisories/51199
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-201211-01.xml
secalert@redhat.com	http://securityreason.com/securityalert/8392
secalert@redhat.com	http://www.mantisbt.org/bugs/view.php?id=13191	Exploit
secalert@redhat.com	http://www.mantisbt.org/bugs/view.php?id=13281	Exploit
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/09/04/1	Exploit
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/09/09/9	Exploit
secalert@redhat.com	http://www.securityfocus.com/archive/1/519547/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/49448
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=735514	Exploit, Patch
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/69587
secalert@redhat.com	https://github.com/mantisbt/mantisbt/commit/d00745f5e267eba4ca34286d125de685bc3a8034	Patch
secalert@redhat.com	https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51199
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201211-01.xml
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8392
af854a3a-2127-422b-91ae-364da2661108	http://www.mantisbt.org/bugs/view.php?id=13191	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.mantisbt.org/bugs/view.php?id=13281	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/09/04/1	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/09/09/9	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/519547/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/49448
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=735514	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/69587
af854a3a-2127-422b-91ae-364da2661108	https://github.com/mantisbt/mantisbt/commit/d00745f5e267eba4ca34286d125de685bc3a8034	Patch
af854a3a-2127-422b-91ae-364da2661108	https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html	Exploit

Impacted products

Vendor	Product	Version
mantisbt	mantisbt	*
mantisbt	mantisbt	0.19.3
mantisbt	mantisbt	0.19.4
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.1
mantisbt	mantisbt	1.0.2
mantisbt	mantisbt	1.0.3
mantisbt	mantisbt	1.0.4
mantisbt	mantisbt	1.0.5
mantisbt	mantisbt	1.0.6
mantisbt	mantisbt	1.0.7
mantisbt	mantisbt	1.0.8
mantisbt	mantisbt	1.1.0
mantisbt	mantisbt	1.1.1
mantisbt	mantisbt	1.1.2
mantisbt	mantisbt	1.1.4
mantisbt	mantisbt	1.1.5
mantisbt	mantisbt	1.1.6
mantisbt	mantisbt	1.1.7
mantisbt	mantisbt	1.1.8
mantisbt	mantisbt	1.2.0
mantisbt	mantisbt	1.2.1
mantisbt	mantisbt	1.2.2
mantisbt	mantisbt	1.2.3
mantisbt	mantisbt	1.2.4
mantisbt	mantisbt	1.2.5
mantisbt	mantisbt	1.2.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E421063A-47DD-4307-AB38-331301A1DC6C",
              "versionEndIncluding": "1.2.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "85A3FBD5-163C-4990-B809-A5C9C81A3C6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3FDF456-9648-4A7C-B15A-2828A32D4962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B2602F7-2D93-4E1E-9425-4EDD23752029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "86DE3BE3-D6C9-4905-9E61-B70776460604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F128A2E2-D509-4B50-95C2-1A31C5B3B31F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "140D5F68-1CAB-458C-BC8B-4F726D657FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D25F4F5-7678-41C1-93CB-305883A08527",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A1316D-314B-4740-A836-D5E6319F4B28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBD27CCE-28C4-43CC-8CBD-D7FFB46171AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "97298C43-B881-4C11-ADB6-17A8E43EB84E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7257ADD7-C9B7-4F85-AA13-615DD033FD5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "02FE950B-5E29-4FAA-9BE5-79F38B4C38F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F2BA78-D054-4E49-ABCA-637922898BF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4595B1E3-25AB-489E-A847-FDBF2554DD6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11A8F17-5253-475B-89FF-A26EA7531E13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A88B09D-CDCF-45FD-B004-13B597DA4F48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "49583BE8-B832-4E9F-B154-47A26C72489D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2501F40-3630-4528-BE0A-61D4BB6EC7FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9223DAF7-D03E-4A4E-8AB5-5CEB87DFF2C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF77ABF-0A03-437A-B241-1EF2BBB83D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F096CD6-534E-4ABF-B2DF-D4B55B8C5F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A66AB537-6FBA-4A51-B10C-BF61F54BC01B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A50835BF-D28B-47FF-81F0-C34D95D6F2E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA0EB9A6-1DFD-4C17-A002-0899DA252A56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBA33285-3EE7-43FD-8347-E7D9A18DC134",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8827C2B4-EBEC-4D64-9AC8-07A048467F40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en confige_defaults_inc.php en MantisBT antes de v1.2.8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de PATH_INFO, como se demostr\u00f3 con el PATH_INFO de (1) manage_config_email_page.php, (2) manage_confige_workflow_page.php, o (3) bugs/plugin.php"
    }
  ],
  "id": "CVE-2011-3356",
  "lastModified": "2024-11-21T01:30:19.717",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-09-21T16:55:04.930",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/51199"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/8392"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.mantisbt.org/bugs/view.php?id=13191"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.mantisbt.org/bugs/view.php?id=13281"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/49448"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69587"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/mantisbt/mantisbt/commit/d00745f5e267eba4ca34286d125de685bc3a8034"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/51199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.mantisbt.org/bugs/view.php?id=13191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.mantisbt.org/bugs/view.php?id=13281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/49448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69587"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/mantisbt/mantisbt/commit/d00745f5e267eba4ca34286d125de685bc3a8034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2011-3356

Vulnerability from cvelistv5

Published

2011-09-21 16:00

Modified

2024-08-06 23:29