CVE-2007-6611

Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/39873
http://secunia.com/advisories/28185	Vendor Advisory
http://secunia.com/advisories/28352	Vendor Advisory
http://secunia.com/advisories/28551	Vendor Advisory
http://secunia.com/advisories/29198
http://security.gentoo.org/glsa/glsa-200803-04.xml
http://sourceforge.net/project/shownotes.php?release_id=562940
http://www.debian.org/security/2008/dsa-1467
http://www.mantisbt.org/bugs/view.php?id=8679
http://www.securityfocus.com/bid/27045	Patch
https://bugzilla.redhat.com/show_bug.cgi?id=427277
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html
http://osvdb.org/39873
http://secunia.com/advisories/28185	Vendor Advisory
http://secunia.com/advisories/28352	Vendor Advisory
http://secunia.com/advisories/28551	Vendor Advisory
http://secunia.com/advisories/29198
http://security.gentoo.org/glsa/glsa-200803-04.xml
http://sourceforge.net/project/shownotes.php?release_id=562940
http://www.debian.org/security/2008/dsa-1467
http://www.mantisbt.org/bugs/view.php?id=8679
http://www.securityfocus.com/bid/27045	Patch
https://bugzilla.redhat.com/show_bug.cgi?id=427277
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:40

Type	Values Removed	Values Added
References	~~() http://osvdb.org/39873 -~~	() http://osvdb.org/39873 -
References	~~() http://secunia.com/advisories/28185 - Vendor Advisory~~	() http://secunia.com/advisories/28185 - Vendor Advisory
References	~~() http://secunia.com/advisories/28352 - Vendor Advisory~~	() http://secunia.com/advisories/28352 - Vendor Advisory
References	~~() http://secunia.com/advisories/28551 - Vendor Advisory~~	() http://secunia.com/advisories/28551 - Vendor Advisory
References	~~() http://secunia.com/advisories/29198 -~~	() http://secunia.com/advisories/29198 -
References	~~() http://security.gentoo.org/glsa/glsa-200803-04.xml -~~	() http://security.gentoo.org/glsa/glsa-200803-04.xml -
References	~~() http://sourceforge.net/project/shownotes.php?release_id=562940 -~~	() http://sourceforge.net/project/shownotes.php?release_id=562940 -
References	~~() http://www.debian.org/security/2008/dsa-1467 -~~	() http://www.debian.org/security/2008/dsa-1467 -
References	~~() http://www.mantisbt.org/bugs/view.php?id=8679 -~~	() http://www.mantisbt.org/bugs/view.php?id=8679 -
References	~~() http://www.securityfocus.com/bid/27045 - Patch~~	() http://www.securityfocus.com/bid/27045 - Patch
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=427277 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=427277 -
References	~~() https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html -~~	() https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html -
References	~~() https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html -~~	() https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html -

Information

Published : 2008-01-03 22:46

Updated : 2024-11-21 00:40

NVD link : CVE-2007-6611

Mitre link : CVE-2007-6611

CVE.ORG link : CVE-2007-6611

JSON object : View

Products Affected

mantis

mantis

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3 /10