CVE-2008-3331

Mantis < 1.1.2 - Cross-Site Scripting via return_dynamic_filters.php filter_target Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3331. PoCs published by USH.

AI-analyzed exploit summary This is a detailed advisory describing multiple vulnerabilities in Mantis Bug Tracker 1.1.1, including XSS, CSRF, and Remote Code Execution. It provides proof-of-concept URLs and technical analysis but does not contain executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by USH · textwebappsphp

https://www.exploit-db.com/exploits/5657

View Code ZIP pw:eip

This is a detailed advisory describing multiple vulnerabilities in Mantis Bug Tracker 1.1.1, including XSS, CSRF, and Remote Code Execution. It provides proof-of-concept URLs and technical analysis but does not contain executable exploit code.

Classification

Writeup 100%

Attack Type

Xss | Csrf | Rce

Complexity

Moderate

Reliability

Reliable

Target: Mantis Bug Tracker 1.1.1 and possibly earlier versions

Auth required

Prerequisites: Authenticated user access · Administrator privileges for RCE

MITRE ATT&CK