CVE-2011-2938
MantisBT < 1.2.7 - Cross-Site Scripting via Project ID Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-2938. PoCs published by Net.Edit0r.
AI-analyzed exploit summary: The provided text describes SQL injection and XSS vulnerabilities in MantisBT 1.2.6, including example URLs for exploitation. However, it lacks actual exploit code or detailed technical steps.
Description
Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php.
Exploits (1)
The provided text describes SQL injection and XSS vulnerabilities in MantisBT 1.2.6, including example URLs for exploitation. However, it lacks actual exploit code or detailed technical steps.