Launchpad CVE tracker

CVE 2010-3303

Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php.

Related bugs and status

CVE-2010-3303 (Candidate) is related to these bugs:

Bug #690482: MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)

		In	Importance	Status
690482	MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)	mantis (Ubuntu)	Low	Triaged
690482	MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)	mantis (Debian)	Unknown	Fix Released
690482	MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)	Gentoo Linux	High	Fix Released
690482	MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)	mantis (Fedora)	Medium	Fix Released
690482	MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)	mantis (Ubuntu Hardy)	Low	Won't Fix
690482	MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)	mantis (Ubuntu Lucid)	Low	Won't Fix
690482	MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)	mantis (Ubuntu Maverick)	Low	Won't Fix
690482	MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)	mantis (Ubuntu Karmic)	Low	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-3303

References