Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2011-AVI-506
Vulnerability from certfr_avis - Published: 2011-09-13 - Updated: 2011-09-23
Plusieurs vulnérabilités affectent MantisBT et permettent en particulier de l'injection de code.
Description
Plusieurs vulnérabilités affectent le gestionnaire de bogues MantisBT :
- le défaut de validation des entrées dans plusieurs scripts PHP permet à un utilisateur malveillant de réaliser des injections de code indirectes à distance (XSS) ;
- le défaut de validation des entrées dans plusieurs scripts PHP permet à un utilisateur malveillant de parcourir l'arborescence du système de fichiers et d'inclure des fichiers (LFI ou local file inclusion).
Solution
La version 1.2.8 de MantisBT corrige ces vulnérabilités.
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
MantisBT 1.2.x.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eMantisBT 1.2.x.\u003c/p\u003e",
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent le gestionnaire de bogues MantisBT\u00a0:\n\n- le d\u00e9faut de validation des entr\u00e9es dans plusieurs scripts PHP\n permet \u00e0 un utilisateur malveillant de r\u00e9aliser des injections de\n code indirectes \u00e0 distance (XSS)\u00a0;\n- le d\u00e9faut de validation des entr\u00e9es dans plusieurs scripts PHP\n permet \u00e0 un utilisateur malveillant de parcourir l\u0027arborescence du\n syst\u00e8me de fichiers et d\u0027inclure des fichiers (LFI ou local file\n inclusion).\n\n## Solution\n\nLa version 1.2.8 de MantisBT corrige ces vuln\u00e9rabilit\u00e9s.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-3356",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3356"
},
{
"name": "CVE-2011-3357",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3357"
},
{
"name": "CVE-2011-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3358"
},
{
"name": "CVE-2011-3578",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3578"
}
],
"initial_release_date": "2011-09-13T00:00:00",
"last_revision_date": "2011-09-23T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 2308 du 12 septembre 2011 :",
"url": "http://www.debian.org/security/2011/dsa-2308"
}
],
"reference": "CERTA-2011-AVI-506",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-09-13T00:00:00.000000"
},
{
"description": "ajout de r\u00e9f\u00e9rences CVE.",
"revision_date": "2011-09-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent MantisBT et permettent en particulier\nde l\u0027injection de code.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans MantisBT",
"vendor_advisories": [
{
"published_at": null,
"title": "Annonce de la version 1.2.8 de MantisBT du 6 septembre 2011",
"url": "http://www.mantisbt.org/"
}
]
}
CVE-2011-3358 (GCVE-0-2011-3358)
Vulnerability from cvelistv5 – Published: 2011-09-21 16:00 – Updated: 2024-08-06 23:29
VLAI?
EPSS
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of the Projax library.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8392",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8392"
},
{
"name": "DSA-2308",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2308"
},
{
"name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
},
{
"name": "GLSA-201211-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
},
{
"name": "mantisbt-bugreportpage-xss(69589)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69589"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
},
{
"name": "45961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
},
{
"name": "49448",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49448"
},
{
"name": "51199",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51199"
},
{
"name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
},
{
"name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
},
{
"name": "FEDORA-2011-12369",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mantisbt/mantisbt/commit/0a636b37d3425aea7b781e7f25eaeb164ac54a3d"
},
{
"name": "20110905 Multiple vulnerabilities in MantisBT",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of the Projax library."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "8392",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8392"
},
{
"name": "DSA-2308",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2308"
},
{
"name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
},
{
"name": "GLSA-201211-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
},
{
"name": "mantisbt-bugreportpage-xss(69589)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69589"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
},
{
"name": "45961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
},
{
"name": "49448",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49448"
},
{
"name": "51199",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51199"
},
{
"name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
},
{
"name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
},
{
"name": "FEDORA-2011-12369",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mantisbt/mantisbt/commit/0a636b37d3425aea7b781e7f25eaeb164ac54a3d"
},
{
"name": "20110905 Multiple vulnerabilities in MantisBT",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of the Projax library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8392",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8392"
},
{
"name": "DSA-2308",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2308"
},
{
"name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
},
{
"name": "GLSA-201211-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
},
{
"name": "mantisbt-bugreportpage-xss(69589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69589"
},
{
"name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
},
{
"name": "45961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45961"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=735514",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
},
{
"name": "49448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49448"
},
{
"name": "51199",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51199"
},
{
"name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
},
{
"name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
},
{
"name": "FEDORA-2011-12369",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
},
{
"name": "https://github.com/mantisbt/mantisbt/commit/0a636b37d3425aea7b781e7f25eaeb164ac54a3d",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/commit/0a636b37d3425aea7b781e7f25eaeb164ac54a3d"
},
{
"name": "20110905 Multiple vulnerabilities in MantisBT",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3358",
"datePublished": "2011-09-21T16:00:00",
"dateReserved": "2011-08-30T00:00:00",
"dateUpdated": "2024-08-06T23:29:56.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3356 (GCVE-0-2011-3356)
Vulnerability from cvelistv5 – Published: 2011-09-21 16:00 – Updated: 2024-08-06 23:29
VLAI?
EPSS
Summary
Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8392",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8392"
},
{
"name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
},
{
"name": "GLSA-201211-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
},
{
"name": "49448",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49448"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=13281"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=13191"
},
{
"name": "51199",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51199"
},
{
"name": "mantisbt-unspecified-xss(69587)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69587"
},
{
"name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
},
{
"name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
},
{
"name": "FEDORA-2011-12369",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mantisbt/mantisbt/commit/d00745f5e267eba4ca34286d125de685bc3a8034"
},
{
"name": "20110905 Multiple vulnerabilities in MantisBT",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "8392",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8392"
},
{
"name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
},
{
"name": "GLSA-201211-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
},
{
"name": "49448",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49448"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=13281"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=13191"
},
{
"name": "51199",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51199"
},
{
"name": "mantisbt-unspecified-xss(69587)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69587"
},
{
"name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
},
{
"name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
},
{
"name": "FEDORA-2011-12369",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mantisbt/mantisbt/commit/d00745f5e267eba4ca34286d125de685bc3a8034"
},
{
"name": "20110905 Multiple vulnerabilities in MantisBT",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8392",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8392"
},
{
"name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
},
{
"name": "GLSA-201211-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
},
{
"name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=735514",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
},
{
"name": "49448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49448"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=13281",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=13281"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=13191",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=13191"
},
{
"name": "51199",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51199"
},
{
"name": "mantisbt-unspecified-xss(69587)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69587"
},
{
"name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
},
{
"name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
},
{
"name": "FEDORA-2011-12369",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
},
{
"name": "https://github.com/mantisbt/mantisbt/commit/d00745f5e267eba4ca34286d125de685bc3a8034",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/commit/d00745f5e267eba4ca34286d125de685bc3a8034"
},
{
"name": "20110905 Multiple vulnerabilities in MantisBT",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3356",
"datePublished": "2011-09-21T16:00:00",
"dateReserved": "2011-08-30T00:00:00",
"dateUpdated": "2024-08-06T23:29:56.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3578 (GCVE-0-2011-3578)
Vulnerability from cvelistv5 – Published: 2011-09-21 16:00 – Updated: 2024-08-06 23:37
VLAI?
EPSS
Summary
Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8392",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8392"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f"
},
{
"name": "DSA-2308",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2308"
},
{
"name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
},
{
"name": "GLSA-201211-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
},
{
"name": "[oss-security] 20110904 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/2"
},
{
"name": "45961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
},
{
"name": "49448",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49448"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=13281"
},
{
"name": "51199",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51199"
},
{
"name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
},
{
"name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
},
{
"name": "FEDORA-2011-12369",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
},
{
"name": "20110905 Multiple vulnerabilities in MantisBT",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8392",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8392"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f"
},
{
"name": "DSA-2308",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2308"
},
{
"name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
},
{
"name": "GLSA-201211-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
},
{
"name": "[oss-security] 20110904 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/2"
},
{
"name": "45961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
},
{
"name": "49448",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49448"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=13281"
},
{
"name": "51199",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51199"
},
{
"name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
},
{
"name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
},
{
"name": "FEDORA-2011-12369",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
},
{
"name": "20110905 Multiple vulnerabilities in MantisBT",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8392",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8392"
},
{
"name": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f"
},
{
"name": "DSA-2308",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2308"
},
{
"name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
},
{
"name": "GLSA-201211-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
},
{
"name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
},
{
"name": "[oss-security] 20110904 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/2"
},
{
"name": "45961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45961"
},
{
"name": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=735514",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
},
{
"name": "49448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49448"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=13281",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=13281"
},
{
"name": "51199",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51199"
},
{
"name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
},
{
"name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
},
{
"name": "FEDORA-2011-12369",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
},
{
"name": "20110905 Multiple vulnerabilities in MantisBT",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3578",
"datePublished": "2011-09-21T16:00:00",
"dateReserved": "2011-09-21T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3357 (GCVE-0-2011-3357)
Vulnerability from cvelistv5 – Published: 2011-09-21 16:00 – Updated: 2024-08-06 23:29
VLAI?
EPSS
Summary
Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8392",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8392"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f"
},
{
"name": "DSA-2308",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2308"
},
{
"name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
},
{
"name": "GLSA-201211-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
},
{
"name": "[oss-security] 20110904 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/2"
},
{
"name": "45961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
},
{
"name": "49448",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49448"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=13281"
},
{
"name": "mantisbt-action-file-include(69588)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69588"
},
{
"name": "51199",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51199"
},
{
"name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
},
{
"name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
},
{
"name": "FEDORA-2011-12369",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
},
{
"name": "20110905 Multiple vulnerabilities in MantisBT",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "8392",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8392"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f"
},
{
"name": "DSA-2308",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2308"
},
{
"name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
},
{
"name": "GLSA-201211-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
},
{
"name": "[oss-security] 20110904 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/2"
},
{
"name": "45961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
},
{
"name": "49448",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49448"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=13281"
},
{
"name": "mantisbt-action-file-include(69588)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69588"
},
{
"name": "51199",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51199"
},
{
"name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
},
{
"name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
},
{
"name": "FEDORA-2011-12369",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
},
{
"name": "20110905 Multiple vulnerabilities in MantisBT",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8392",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8392"
},
{
"name": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f"
},
{
"name": "DSA-2308",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2308"
},
{
"name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
},
{
"name": "GLSA-201211-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
},
{
"name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
},
{
"name": "[oss-security] 20110904 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/04/2"
},
{
"name": "45961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45961"
},
{
"name": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=735514",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
},
{
"name": "49448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49448"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=13281",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=13281"
},
{
"name": "mantisbt-action-file-include(69588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69588"
},
{
"name": "51199",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51199"
},
{
"name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
},
{
"name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
},
{
"name": "FEDORA-2011-12369",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
},
{
"name": "20110905 Multiple vulnerabilities in MantisBT",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3357",
"datePublished": "2011-09-21T16:00:00",
"dateReserved": "2011-08-30T00:00:00",
"dateUpdated": "2024-08-06T23:29:56.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…