Vulnerability Name:

CVE-2005-4238 (CCN-23627)

Assigned:2005-12-13
Published:2005-12-13
Updated:2011-03-08
Summary:Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-4238

Source: MITRE
Type: CNA
CVE-2005-4522

Source: CCN
Type: UNSECURED SYSTEMS 12/14/2005
Mantis bugtracking system XSS vuln.

Source: MISC
Type: UNKNOWN
http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html

Source: CCN
Type: SA18018
Mantis "view_filters_page.php" Cross-Site Scripting Vulnerability

Source: SECUNIA
Type: UNKNOWN
18018

Source: CCN
Type: SA18181
Mantis Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
18481

Source: DEBIAN
Type: UNKNOWN
DSA-944

Source: DEBIAN
Type: DSA-944
mantis -- several vulnerabilities

Source: CCN
Type: GLSA-200512-12
Mantis: Multiple vulnerabilities

Source: CCN
Type: Mantis Bug Tracker Web site
Mantis bug tracking system

Source: CCN
Type: OSVDB ID: 21686
Mantis view_filters_page.php target_field Parameter XSS

Source: CCN
Type: OSVDB ID: 22053
Mantis view_filters_page.php Multiple Parameter XSS

Source: CCN
Type: OSVDB ID: 60091
Mantis view_filters_page.php target_field Parameter XSS

Source: BID
Type: Exploit
15842

Source: CCN
Type: BID-15842
Mantis View_filters_page.PHP Cross-Site Scripting Vulnerability

Source: CCN
Type: BID-16046
Mantis Multiple Unspecified Remote Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2005-2874

Source: XF
Type: UNKNOWN
mantis-viewfilterspage-xss(23627)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mantis:mantis:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.11:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.12:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.13:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.13.1:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.14:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.14.1:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.14.2:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.14.3:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.14.4:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.14.5:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.14.6:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.14.7:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.14.8:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.15:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.15.1:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.15.2:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.15.3:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.15.4:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.15.5:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.15.6:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.15.7:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.15.8:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.15.9:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.15.10:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.15.11:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.15.12:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.16:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.16.0:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.16.1:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.17:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.17.0:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.17.1:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.17.2:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.17.3:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.17.4:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.17.5:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.18:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.18.2:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.18.3:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.18a1:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.19.0:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.19.1:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.19.2:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:0.19.3:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*
  • OR cpe:/a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:944
    V
    		several vulnerabilities
    2006-01-17
    BACK
    mantis mantis 0.9
    mantis mantis 0.9.1
    mantis mantis 0.10
    mantis mantis 0.10.1
    mantis mantis 0.10.2
    mantis mantis 0.11
    mantis mantis 0.11.1
    mantis mantis 0.12
    mantis mantis 0.13
    mantis mantis 0.13.1
    mantis mantis 0.14
    mantis mantis 0.14.1
    mantis mantis 0.14.2
    mantis mantis 0.14.3
    mantis mantis 0.14.4
    mantis mantis 0.14.5
    mantis mantis 0.14.6
    mantis mantis 0.14.7
    mantis mantis 0.14.8
    mantis mantis 0.15
    mantis mantis 0.15.1
    mantis mantis 0.15.2
    mantis mantis 0.15.3
    mantis mantis 0.15.4
    mantis mantis 0.15.5
    mantis mantis 0.15.6
    mantis mantis 0.15.7
    mantis mantis 0.15.8
    mantis mantis 0.15.9
    mantis mantis 0.15.10
    mantis mantis 0.15.11
    mantis mantis 0.15.12
    mantis mantis 0.16
    mantis mantis 0.16.0
    mantis mantis 0.16.1
    mantis mantis 0.17
    mantis mantis 0.17.0
    mantis mantis 0.17.1
    mantis mantis 0.17.2
    mantis mantis 0.17.3
    mantis mantis 0.17.4
    mantis mantis 0.17.4a
    mantis mantis 0.17.5
    mantis mantis 0.18
    mantis mantis 0.18.0_rc1
    mantis mantis 0.18.0a2
    mantis mantis 0.18.0a3
    mantis mantis 0.18.0a4
    mantis mantis 0.18.2
    mantis mantis 0.18.3
    mantis mantis 0.18a1
    mantis mantis 0.19.0
    mantis mantis 0.19.0_rc1
    mantis mantis 0.19.0a
    mantis mantis 0.19.0a1
    mantis mantis 0.19.0a2
    mantis mantis 0.19.1
    mantis mantis 0.19.2
    mantis mantis 0.19.3
    mantis mantis 1.0.0_rc1
    mantis mantis 1.0.0_rc2
    mantis mantis 1.0.0_rc3
    mantis mantis 1.0.0a1
    mantis mantis 1.0.0a2
    mantis mantis 1.0.0a3
    mantis mantis 1.0.0_rc2
    gentoo linux *
    debian debian linux 3.1