Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

Vulnerability IntelligenceCVE-2010-2574

CVE-2010-2574

UNKNOWN

Cross-site scripting (XSS) vulnerability in manage_proj_cat_add

Published Aug 9, 2010

Modified 1 years ago

Details

Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.

References

ADVISORY

http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html

ADVISORY

http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.html

ADVISORY

http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.html

ADVISORY

http://secunia.com/advisories/40832

ADVISORY

http://secunia.com/advisories/41653

WEB

http://secunia.com/secunia_research/2010-103/

WEB

http://www.mantisbt.org/bugs/changelog_page.php?version_id=111

WEB

http://www.mantisbt.org/bugs/view.php?id=12230

WEB

http://www.openwall.com/lists/oss-security/2010/09/14/12

WEB

http://www.openwall.com/lists/oss-security/2010/09/14/13

WEB

http://www.securityfocus.com/archive/1/512886/100/0/threaded

WEB

http://www.vupen.com/english/advisories/2010/2535

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2010-2574

CVSS Analysis

CVSS v2.0

2.1

Exploitability

Access Vector

NetworkAV:N

Access Complexity

HighAC:H

Authentication

SingleAu:S

Impact

Confidentiality

NoneC:N

Integrity

PartialI:P

Availability

NoneA:N

2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N

Ecosystems

Timeline

PublishedAug 9, 2010

ModifiedAug 7, 2024

CVE-2010-2574 | Mondoo Vulnerability Intelligence