oss-sec mailing list archives

Re: Multiple CVE requests for MantisBT


From: Damien Regad <damien.regad () merckgroup com>
Date: Mon, 8 Apr 2013 09:47:13 +0000 (UTC)

Kurt Seifried <kseifried@...> writes:
Please use CVE-2013-1930 for this issue.

Hi Kurt,

Thanks for assigning the 3 CVEs.

4. XSS issue on Configuration Report page when displaying complex value

This issue affects Mantis 1.2.0rc1 and later.

Lack of proper string escaping allows users (having admin access)
to enter arbitrary JavaScript code and have it executed on the
user's browser.

Reference: http://www.mantisbt.org/bugs/view.php?id=15416

Does this count as a proper release or does it fall into the "beta"
classification?

1.2.0rc1 was a beta release.
The first "proper" release affected by this was 1.2.0.

Hope this clarifies, let me know if you need more info.

Damien


