Required CVE Record Information
Description
Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or HTML via the match_type parameter to bugs/search.php.
References 6 Total
- http://www.mantisbt.org/bugs/view.php?id=15373
- seclists.org: [oss-security] 20130118 Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability mailing-list
- http://hauntit.blogspot.de/2013/01/en-mantis-bug-tracker-1212-persistent.html
- seclists.org: [oss-security] 20130121 Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability mailing-list
- secunia.com: 51853 third-party-advisory
- seclists.org: [oss-security] 20130118 CVE request: MantisBT before 1.2.13 match_type XSS vulnerability mailing-list
This container includes required additional information provided by the CVE Program for this vulnerability.
References 6 Total
- http://www.mantisbt.org/bugs/view.php?id=15373 x_transferred
- seclists.org: [oss-security] 20130118 Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability mailing-list x_transferred
- http://hauntit.blogspot.de/2013/01/en-mantis-bug-tracker-1212-persistent.html x_transferred
- seclists.org: [oss-security] 20130121 Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability mailing-list x_transferred
- secunia.com: 51853 third-party-advisory x_transferred
- seclists.org: [oss-security] 20130118 CVE request: MantisBT before 1.2.13 match_type XSS vulnerability mailing-list x_transferred