CVE-2011-3356
MantisBT < 1.2.7 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php.
References (16)
Scores
EPSS: 0.0083
EPSS Percentile: 74.2%
Classification
CWE: CWE-79
Status: published
Affected Products (28)
mantisbt/mantisbt < 1.2.7
Timeline
Published: Sep 21, 2011
Tracked Since: Feb 18, 2026