CVE-2013-4460

Sažetak

Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name.

Reference

http://osvdb.org/98823
http://seclists.org/oss-sec/2013/q4/168
http://secunia.com/advisories/55305
http://www.mantisbt.org/bugs/view.php?id=16513
https://github.com/mantisbt/mantisbt/commit/0002d106a6cd35cb0a6fe03246531a4e3f32c9d0#diff-4122320b011a3291cd45da074a867076

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

12-01-2021 - 18:05

Objavljeno

10-01-2014 - 15:55