CVE-2013-1810

Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_print_by_category function or (2) project name in the summary_print_by_project function.

Published: May 15, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-1810
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:N/AC:H/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
mantisbt / mantisbt	1.2.12	1.2.12.x

http://seclists.org/oss-sec/2013/q1/127
http://seclists.org/oss-sec/2013/q1/556
http://secunia.com/advisories/51853
http://www.mantisbt.org/bugs/view.php?id=15384

Vulnerability Database

289,782

CVE-2013-1810