Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_print_by_category function or (2) project name in the summary_print_by_project function.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2014-05-15T14:00:00
Updated: 2014-05-15T13:57:00
Reserved: 2013-02-19T00:00:00
Link: CVE-2013-1810
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-05-15T14:55:06.747
Modified: 2014-05-16T12:51:48.747
Link: CVE-2013-1810
JSON object: View
Redhat Information
No data.
CWE