Summary: | <www-apps/mantisbt-1.2.15-r1: XSS vulnerability (CVE-2013-4460) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mikle Kolyada (RETIRED) <zlogene> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | david, pva, web-apps |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://seclists.org/oss-sec/2013/q4/152 | | |
Whiteboard: | B4 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Mikle Kolyada (RETIRED)
2013-10-22 17:56:12 UTC
Fix available @ upstream http://www.mantisbt.org/bugs/view.php?id=16513

Maintainer timeout, bumped.
Arches, please stabilize:
=www-apps/mantisbt-1.2.15-r1
Target arches: amd64 x86

amd64 stable

x86 stable.
Maintainer(s), please cleanup.
Security, please vote.

cleanup done.

GLSA vote: no.

GLSA vote: no
Closing as noglsa.

CVE-2013-4460 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4460):
Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name.