CVE-2011-3358

Mantisbt < 1.2.7 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of the Projax library.

References (16)

Scores

EPSS 0.0083
EPSS Percentile 74.2%

Classification

CWE
CWE-79
Status published

Affected Products (28)

mantisbt/mantisbt < 1.2.7
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
... and 13 more

Timeline

Published Sep 21, 2011
Tracked Since Feb 18, 2026