CVE-2010-2802

MantisBT <1.2.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments.

References (5)

Scores

EPSS 0.0023
EPSS Percentile 45.7%

Classification

CWE
CWE-79
Status published

Affected Products (38)

mantisbt/mantisbt < 1.2.1
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
... and 23 more

Timeline

Published Sep 07, 2010
Tracked Since Feb 18, 2026