CVE-2007-6611

Mantis <1.1.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.

References (13)

[Vendor Advisory] http://secunia.com/advisories/28185

[Vendor Advisory] http://secunia.com/advisories/28352

[Vendor Advisory] http://secunia.com/advisories/28551

[Product] http://sourceforge.net/project/shownotes.php?release_id=562940

[Various Sources] http://www.mantisbt.org/bugs/view.php?id=8679

[Patch] http://www.securityfocus.com/bid/27045

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=427277

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html

[Third Party Advisory] http://www.debian.org/security/2008/dsa-1467

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200803-04.xml

[Third Party Advisory, VDB Entry] http://osvdb.org/39873

[Third Party Advisory] http://secunia.com/advisories/29198

Scores

EPSS 0.0076

EPSS Percentile 73.1%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

mantis/mantis < 1.1.0a1

Timeline

Published Jan 03, 2008

Tracked Since Feb 18, 2026