CVE-2010-3763
- EPSS 0.6%
- Published 05.10.2010 22:00:06
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than CVE-2010-3303.
CVE-2010-3303
- EPSS 0.39%
- Published 05.10.2010 22:00:05
- Last modified 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (...
CVE-2010-2802
- EPSS 0.23%
- Published 07.09.2010 17:00:01
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments.
CVE-2010-2574
- EPSS 0.42%
- Published 10.08.2010 12:23:06
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.
- EPSS 1.25%
- Published 24.09.2008 11:42:25
- Last modified 09.04.2025 00:30:58
Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.