cvelistv5 - cve-2011-3578

cve-2011-3578

Vulnerability from cvelistv5

Published

2011-09-21 16:00

Modified

2024-08-06 23:37

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.

References

URL	Tags
cve@mitre.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297	Exploit, Patch
cve@mitre.org	http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html	Exploit, Patch
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html	Exploit, Patch
cve@mitre.org	http://secunia.com/advisories/45961	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/51199
cve@mitre.org	http://security.gentoo.org/glsa/glsa-201211-01.xml
cve@mitre.org	http://securityreason.com/securityalert/8392
cve@mitre.org	http://www.debian.org/security/2011/dsa-2308
cve@mitre.org	http://www.mantisbt.org/bugs/view.php?id=13281	Exploit
cve@mitre.org	http://www.openwall.com/lists/oss-security/2011/09/04/1	Exploit
cve@mitre.org	http://www.openwall.com/lists/oss-security/2011/09/04/2	Patch
cve@mitre.org	http://www.openwall.com/lists/oss-security/2011/09/09/9	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/519547/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/49448
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=735514	Exploit, Patch
cve@mitre.org	https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d	Patch
cve@mitre.org	https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f	Patch
cve@mitre.org	https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45961	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51199
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201211-01.xml
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8392
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2308
af854a3a-2127-422b-91ae-364da2661108	http://www.mantisbt.org/bugs/view.php?id=13281	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/09/04/1	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/09/04/2	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/09/09/9	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/519547/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/49448
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=735514	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f	Patch
af854a3a-2127-422b-91ae-364da2661108	https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html	Exploit

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:37:48.216Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "8392",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8392"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f"
          },
          {
            "name": "DSA-2308",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2308"
          },
          {
            "name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
          },
          {
            "name": "GLSA-201211-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
          },
          {
            "name": "[oss-security] 20110904 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/09/04/2"
          },
          {
            "name": "45961",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45961"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
          },
          {
            "name": "49448",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49448"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mantisbt.org/bugs/view.php?id=13281"
          },
          {
            "name": "51199",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51199"
          },
          {
            "name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
          },
          {
            "name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
          },
          {
            "name": "FEDORA-2011-12369",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
          },
          {
            "name": "20110905 Multiple vulnerabilities in MantisBT",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "8392",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8392"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f"
        },
        {
          "name": "DSA-2308",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2308"
        },
        {
          "name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
        },
        {
          "name": "GLSA-201211-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
        },
        {
          "name": "[oss-security] 20110904 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/09/04/2"
        },
        {
          "name": "45961",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45961"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
        },
        {
          "name": "49448",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49448"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mantisbt.org/bugs/view.php?id=13281"
        },
        {
          "name": "51199",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51199"
        },
        {
          "name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
        },
        {
          "name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
        },
        {
          "name": "FEDORA-2011-12369",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
        },
        {
          "name": "20110905 Multiple vulnerabilities in MantisBT",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-3578",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "8392",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8392"
            },
            {
              "name": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f",
              "refsource": "CONFIRM",
              "url": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f"
            },
            {
              "name": "DSA-2308",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2308"
            },
            {
              "name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
            },
            {
              "name": "GLSA-201211-01",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
            },
            {
              "name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html",
              "refsource": "MISC",
              "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
            },
            {
              "name": "[oss-security] 20110904 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/09/04/2"
            },
            {
              "name": "45961",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45961"
            },
            {
              "name": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d",
              "refsource": "CONFIRM",
              "url": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=735514",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
            },
            {
              "name": "49448",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49448"
            },
            {
              "name": "http://www.mantisbt.org/bugs/view.php?id=13281",
              "refsource": "CONFIRM",
              "url": "http://www.mantisbt.org/bugs/view.php?id=13281"
            },
            {
              "name": "51199",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51199"
            },
            {
              "name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
            },
            {
              "name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
              "refsource": "MLIST",
              "url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
            },
            {
              "name": "FEDORA-2011-12369",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
            },
            {
              "name": "20110905 Multiple vulnerabilities in MantisBT",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-3578",
    "datePublished": "2011-09-21T16:00:00",
    "dateReserved": "2011-09-21T00:00:00",
    "dateUpdated": "2024-08-06T23:37:48.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.2.7\", \"matchCriteriaId\": \"E421063A-47DD-4307-AB38-331301A1DC6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:0.19.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85A3FBD5-163C-4990-B809-A5C9C81A3C6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:0.19.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3FDF456-9648-4A7C-B15A-2828A32D4962\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B2602F7-2D93-4E1E-9425-4EDD23752029\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86DE3BE3-D6C9-4905-9E61-B70776460604\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F128A2E2-D509-4B50-95C2-1A31C5B3B31F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"140D5F68-1CAB-458C-BC8B-4F726D657FE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D25F4F5-7678-41C1-93CB-305883A08527\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1A1316D-314B-4740-A836-D5E6319F4B28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBD27CCE-28C4-43CC-8CBD-D7FFB46171AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97298C43-B881-4C11-ADB6-17A8E43EB84E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7257ADD7-C9B7-4F85-AA13-615DD033FD5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02FE950B-5E29-4FAA-9BE5-79F38B4C38F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6F2BA78-D054-4E49-ABCA-637922898BF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4595B1E3-25AB-489E-A847-FDBF2554DD6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11A8F17-5253-475B-89FF-A26EA7531E13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A88B09D-CDCF-45FD-B004-13B597DA4F48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49583BE8-B832-4E9F-B154-47A26C72489D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2501F40-3630-4528-BE0A-61D4BB6EC7FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9223DAF7-D03E-4A4E-8AB5-5CEB87DFF2C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFF77ABF-0A03-437A-B241-1EF2BBB83D24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F096CD6-534E-4ABF-B2DF-D4B55B8C5F6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A66AB537-6FBA-4A51-B10C-BF61F54BC01B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A50835BF-D28B-47FF-81F0-C34D95D6F2E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA0EB9A6-1DFD-4C17-A002-0899DA252A56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBA33285-3EE7-43FD-8347-E7D9A18DC134\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mantisbt:mantisbt:1.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8827C2B4-EBEC-4D64-9AC8-07A048467F40\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ejecuci\\u00f3n de secuencias de comandos en sitios cruzados (XSS) en bug_actiongroup_ext_page.php en MantisBT antes de 1.2.8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\\u00e9s del par\\u00e1metro action, relacionado con bug_actiongroup_page.php, una vulnerabilidad diferente de CVE-2011-3357\"}]",
      "id": "CVE-2011-3578",
      "lastModified": "2024-11-21T01:30:47.113",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-09-21T16:55:05.240",
      "references": "[{\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://secunia.com/advisories/45961\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/51199\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201211-01.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/8392\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2011/dsa-2308\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mantisbt.org/bugs/view.php?id=13281\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2011/09/04/1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2011/09/04/2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2011/09/09/9\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/519547/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/49448\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=735514\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://secunia.com/advisories/45961\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/51199\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201211-01.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/8392\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2011/dsa-2308\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mantisbt.org/bugs/view.php?id=13281\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2011/09/04/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2011/09/04/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2011/09/09/9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/519547/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/49448\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=735514\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-3578\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-09-21T16:55:05.240\",\"lastModified\":\"2024-11-21T01:30:47.113\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en bug_actiongroup_ext_page.php en MantisBT antes de 1.2.8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro action, relacionado con bug_actiongroup_page.php, una vulnerabilidad diferente de CVE-2011-3357\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.7\",\"matchCriteriaId\":\"E421063A-47DD-4307-AB38-331301A1DC6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:0.19.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85A3FBD5-163C-4990-B809-A5C9C81A3C6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:0.19.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3FDF456-9648-4A7C-B15A-2828A32D4962\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B2602F7-2D93-4E1E-9425-4EDD23752029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86DE3BE3-D6C9-4905-9E61-B70776460604\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F128A2E2-D509-4B50-95C2-1A31C5B3B31F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"140D5F68-1CAB-458C-BC8B-4F726D657FE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D25F4F5-7678-41C1-93CB-305883A08527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1A1316D-314B-4740-A836-D5E6319F4B28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBD27CCE-28C4-43CC-8CBD-D7FFB46171AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97298C43-B881-4C11-ADB6-17A8E43EB84E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7257ADD7-C9B7-4F85-AA13-615DD033FD5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02FE950B-5E29-4FAA-9BE5-79F38B4C38F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6F2BA78-D054-4E49-ABCA-637922898BF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4595B1E3-25AB-489E-A847-FDBF2554DD6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11A8F17-5253-475B-89FF-A26EA7531E13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A88B09D-CDCF-45FD-B004-13B597DA4F48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49583BE8-B832-4E9F-B154-47A26C72489D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2501F40-3630-4528-BE0A-61D4BB6EC7FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9223DAF7-D03E-4A4E-8AB5-5CEB87DFF2C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFF77ABF-0A03-437A-B241-1EF2BBB83D24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F096CD6-534E-4ABF-B2DF-D4B55B8C5F6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A66AB537-6FBA-4A51-B10C-BF61F54BC01B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A50835BF-D28B-47FF-81F0-C34D95D6F2E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA0EB9A6-1DFD-4C17-A002-0899DA252A56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBA33285-3EE7-43FD-8347-E7D9A18DC134\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mantisbt:mantisbt:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8827C2B4-EBEC-4D64-9AC8-07A048467F40\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://secunia.com/advisories/45961\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/51199\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201211-01.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/8392\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2308\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mantisbt.org/bugs/view.php?id=13281\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/09/04/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/09/04/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/09/09/9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/519547/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/49448\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=735514\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://secunia.com/advisories/45961\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/51199\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201211-01.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/8392\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2308\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mantisbt.org/bugs/view.php?id=13281\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/09/04/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/09/04/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/09/09/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/519547/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/49448\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=735514\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
  }
}

cve-2011-3578

Vulnerability from fkie_nvd

Published

2011-09-21 16:55

Modified

2024-11-21 01:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297	Exploit, Patch
cve@mitre.org	http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html	Exploit, Patch
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html	Exploit, Patch
cve@mitre.org	http://secunia.com/advisories/45961	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/51199
cve@mitre.org	http://security.gentoo.org/glsa/glsa-201211-01.xml
cve@mitre.org	http://securityreason.com/securityalert/8392
cve@mitre.org	http://www.debian.org/security/2011/dsa-2308
cve@mitre.org	http://www.mantisbt.org/bugs/view.php?id=13281	Exploit
cve@mitre.org	http://www.openwall.com/lists/oss-security/2011/09/04/1	Exploit
cve@mitre.org	http://www.openwall.com/lists/oss-security/2011/09/04/2	Patch
cve@mitre.org	http://www.openwall.com/lists/oss-security/2011/09/09/9	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/519547/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/49448
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=735514	Exploit, Patch
cve@mitre.org	https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d	Patch
cve@mitre.org	https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f	Patch
cve@mitre.org	https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45961	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51199
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201211-01.xml
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8392
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2308
af854a3a-2127-422b-91ae-364da2661108	http://www.mantisbt.org/bugs/view.php?id=13281	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/09/04/1	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/09/04/2	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/09/09/9	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/519547/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/49448
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=735514	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f	Patch
af854a3a-2127-422b-91ae-364da2661108	https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html	Exploit

Impacted products

Vendor	Product	Version
mantisbt	mantisbt	*
mantisbt	mantisbt	0.19.3
mantisbt	mantisbt	0.19.4
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.1
mantisbt	mantisbt	1.0.2
mantisbt	mantisbt	1.0.3
mantisbt	mantisbt	1.0.4
mantisbt	mantisbt	1.0.5
mantisbt	mantisbt	1.0.6
mantisbt	mantisbt	1.0.7
mantisbt	mantisbt	1.0.8
mantisbt	mantisbt	1.1.0
mantisbt	mantisbt	1.1.1
mantisbt	mantisbt	1.1.2
mantisbt	mantisbt	1.1.4
mantisbt	mantisbt	1.1.5
mantisbt	mantisbt	1.1.6
mantisbt	mantisbt	1.1.7
mantisbt	mantisbt	1.1.8
mantisbt	mantisbt	1.2.0
mantisbt	mantisbt	1.2.1
mantisbt	mantisbt	1.2.2
mantisbt	mantisbt	1.2.3
mantisbt	mantisbt	1.2.4
mantisbt	mantisbt	1.2.5
mantisbt	mantisbt	1.2.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E421063A-47DD-4307-AB38-331301A1DC6C",
              "versionEndIncluding": "1.2.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "85A3FBD5-163C-4990-B809-A5C9C81A3C6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3FDF456-9648-4A7C-B15A-2828A32D4962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B2602F7-2D93-4E1E-9425-4EDD23752029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "86DE3BE3-D6C9-4905-9E61-B70776460604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F128A2E2-D509-4B50-95C2-1A31C5B3B31F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "140D5F68-1CAB-458C-BC8B-4F726D657FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D25F4F5-7678-41C1-93CB-305883A08527",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A1316D-314B-4740-A836-D5E6319F4B28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBD27CCE-28C4-43CC-8CBD-D7FFB46171AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "97298C43-B881-4C11-ADB6-17A8E43EB84E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7257ADD7-C9B7-4F85-AA13-615DD033FD5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "02FE950B-5E29-4FAA-9BE5-79F38B4C38F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F2BA78-D054-4E49-ABCA-637922898BF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4595B1E3-25AB-489E-A847-FDBF2554DD6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11A8F17-5253-475B-89FF-A26EA7531E13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A88B09D-CDCF-45FD-B004-13B597DA4F48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "49583BE8-B832-4E9F-B154-47A26C72489D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2501F40-3630-4528-BE0A-61D4BB6EC7FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9223DAF7-D03E-4A4E-8AB5-5CEB87DFF2C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF77ABF-0A03-437A-B241-1EF2BBB83D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F096CD6-534E-4ABF-B2DF-D4B55B8C5F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A66AB537-6FBA-4A51-B10C-BF61F54BC01B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A50835BF-D28B-47FF-81F0-C34D95D6F2E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA0EB9A6-1DFD-4C17-A002-0899DA252A56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBA33285-3EE7-43FD-8347-E7D9A18DC134",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8827C2B4-EBEC-4D64-9AC8-07A048467F40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en bug_actiongroup_ext_page.php en MantisBT antes de 1.2.8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro action, relacionado con bug_actiongroup_page.php, una vulnerabilidad diferente de CVE-2011-3357"
    }
  ],
  "id": "CVE-2011-3578",
  "lastModified": "2024-11-21T01:30:47.113",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-09-21T16:55:05.240",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45961"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/51199"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8392"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2308"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.mantisbt.org/bugs/view.php?id=13281"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/09/04/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/49448"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/51199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.mantisbt.org/bugs/view.php?id=13281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/09/04/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/49448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2011-3578

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2011-3578

Aliases

CVE-2011-3578

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-3578",
    "description": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.",
    "id": "GSD-2011-3578"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-3578"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.",
      "id": "GSD-2011-3578",
      "modified": "2023-12-13T01:19:09.103194Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-3578",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "8392",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8392"
          },
          {
            "name": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f",
            "refsource": "CONFIRM",
            "url": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f"
          },
          {
            "name": "DSA-2308",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2011/dsa-2308"
          },
          {
            "name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
          },
          {
            "name": "GLSA-201211-01",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
          },
          {
            "name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html",
            "refsource": "MISC",
            "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
          },
          {
            "name": "[oss-security] 20110904 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2011/09/04/2"
          },
          {
            "name": "45961",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/45961"
          },
          {
            "name": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d",
            "refsource": "CONFIRM",
            "url": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d"
          },
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297",
            "refsource": "CONFIRM",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=735514",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
          },
          {
            "name": "49448",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/49448"
          },
          {
            "name": "http://www.mantisbt.org/bugs/view.php?id=13281",
            "refsource": "CONFIRM",
            "url": "http://www.mantisbt.org/bugs/view.php?id=13281"
          },
          {
            "name": "51199",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/51199"
          },
          {
            "name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
          },
          {
            "name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
            "refsource": "MLIST",
            "url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
          },
          {
            "name": "FEDORA-2011-12369",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
          },
          {
            "name": "20110905 Multiple vulnerabilities in MantisBT",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:0.19.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:0.19.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:1.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.2.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-3578"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20110904 CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
              "refsource": "MLIST",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
            },
            {
              "name": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f"
            },
            {
              "name": "http://www.mantisbt.org/bugs/view.php?id=13281",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.mantisbt.org/bugs/view.php?id=13281"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=735514",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
            },
            {
              "name": "45961",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/45961"
            },
            {
              "name": "[oss-security] 20110904 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/09/04/2"
            },
            {
              "name": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d"
            },
            {
              "name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
            },
            {
              "name": "FEDORA-2011-12369",
              "refsource": "FEDORA",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
            },
            {
              "name": "49448",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/49448"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
            },
            {
              "name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
              "refsource": "MLIST",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
            },
            {
              "name": "[oss-security] 20110909 Re: CVE requests: \u003cmantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
              "refsource": "MLIST",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
            },
            {
              "name": "8392",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8392"
            },
            {
              "name": "DSA-2308",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2011/dsa-2308"
            },
            {
              "name": "GLSA-201211-01",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
            },
            {
              "name": "51199",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/51199"
            },
            {
              "name": "20110905 Multiple vulnerabilities in MantisBT",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-09T19:33Z",
      "publishedDate": "2011-09-21T16:55Z"
    }
  }
}

ghsa-vpjw-cwmj-229x

Vulnerability from github

Published

2022-05-14 02:54

Modified

2022-05-14 02:54

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-3578"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-09-21T16:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.",
  "id": "GHSA-vpjw-cwmj-229x",
  "modified": "2022-05-14T02:54:52Z",
  "published": "2022-05-14T02:54:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3578"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
    },
    {
      "type": "WEB",
      "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
    },
    {
      "type": "WEB",
      "url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/45961"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51199"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8392"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2308"
    },
    {
      "type": "WEB",
      "url": "http://www.mantisbt.org/bugs/view.php?id=13281"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/09/04/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/49448"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2011-3578

Vulnerability from cvelistv5

cve-2011-3578

Vulnerability from fkie_nvd

gsd-2011-3578

Vulnerability from gsd

ghsa-vpjw-cwmj-229x

Vulnerability from github

Tags

Sightings

Nomenclature