CVE-2010-4348 - Vulnerability Details

Vendors	Products
Mantisbt	Mantisbt

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html
http://openwall.com/lists/oss-security/2010/12/15/4
http://openwall.com/lists/oss-security/2010/12/16/1
http://secunia.com/advisories/42772
http://secunia.com/advisories/51199
http://security.gentoo.org/glsa/glsa-201211-01.xml
http://www.mantisbt.org/blog/?p=123
http://www.mantisbt.org/bugs/changelog_page.php?version_id=112
http://www.mantisbt.org/bugs/view.php?id=12607
http://www.vupen.com/english/advisories/2011/0002
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php
https://bugzilla.redhat.com/show_bug.cgi?id=663230

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-14T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-01-12T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "ADV-2011-0002", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0002"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php"}, {"name": "[oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2010/12/16/1"}, {"name": "GLSA-201211-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mantisbt.org/blog/?p=123"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mantisbt.org/bugs/view.php?id=12607"}, {"name": "51199", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51199"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=663230"}, {"name": "FEDORA-2010-19078", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html"}, {"name": "[oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2010/12/15/4"}, {"name": "42772", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42772"}, {"name": "FEDORA-2010-19070", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=112"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:43:14.687Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2011-0002", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0002"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php"}, {"name": "[oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2010/12/16/1"}, {"name": "GLSA-201211-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mantisbt.org/blog/?p=123"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mantisbt.org/bugs/view.php?id=12607"}, {"name": "51199", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51199"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=663230"}, {"name": "FEDORA-2010-19078", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html"}, {"name": "[oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2010/12/15/4"}, {"name": "42772", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42772"}, {"name": "FEDORA-2010-19070", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=112"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4348", "datePublished": "2011-01-03T19:26:00", "dateReserved": "2010-11-30T00:00:00", "dateUpdated": "2024-08-07T03:43:14.687Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2010-12-14T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2011-01-12T10:00:00 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

name : ADV-2011-0002 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2011/0002 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php (string)

}

2 : { »

name : [oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://openwall.com/lists/oss-security/2010/12/16/1 (string)

}

3 : { »

name : GLSA-201211-01 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : http://security.gentoo.org/glsa/glsa-201211-01.xml (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.mantisbt.org/blog/?p=123 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.mantisbt.org/bugs/view.php?id=12607 (string)

}

6 : { »

name : 51199 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/51199 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=663230 (string)

}

8 : { »

name : FEDORA-2010-19078 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html (string)

}

9 : { »

name : [oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://openwall.com/lists/oss-security/2010/12/15/4 (string)

}

10 : { »

name : 42772 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/42772 (string)

}

11 : { »

name : FEDORA-2010-19070 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html (string)

}

12 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.mantisbt.org/bugs/changelog_page.php?version_id=112 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T03:43:14.687Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : ADV-2011-0002 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2011/0002 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php (string)

}

2 : { »

name : [oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://openwall.com/lists/oss-security/2010/12/16/1 (string)

}

3 : { »

name : GLSA-201211-01 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : http://security.gentoo.org/glsa/glsa-201211-01.xml (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.mantisbt.org/blog/?p=123 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.mantisbt.org/bugs/view.php?id=12607 (string)

}

6 : { »

name : 51199 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/51199 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=663230 (string)

}

8 : { »

name : FEDORA-2010-19078 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html (string)

}

9 : { »

name : [oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://openwall.com/lists/oss-security/2010/12/15/4 (string)

}

10 : { »

name : 42772 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/42772 (string)

}

11 : { »

name : FEDORA-2010-19070 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html (string)

}

12 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.mantisbt.org/bugs/changelog_page.php?version_id=112 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2010-4348 (string)

datePublished : 2011-01-03T19:26:00 (string)

dateReserved : 2010-11-30T00:00:00 (string)

dateUpdated : 2024-08-07T03:43:14.687Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB90875A-388F-493C-8076-F59EA12F9355", "versionEndIncluding": "1.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:0.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF83F757-4B62-441C-8421-15809E573A83", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "A608AFEC-B265-4143-99DA-BB2AE9D522BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7FCB56AC-4C14-49B1-BEFE-8651BC70476E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "64BCCC4D-D109-4116-A9C3-E5553686A986", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "BAAF1C66-9DC7-4FD3-8651-C5561B2681A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "F59BAE6B-C73D-4BE2-AEF9-93F2F4A4373F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "C9DA5C2F-FB7C-4D95-81DE-24D8EADC5C30", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "85A3FBD5-163C-4990-B809-A5C9C81A3C6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "D3FDF456-9648-4A7C-B15A-2828A32D4962", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.5:*:*:*:*:*:*:*", "matchCriteriaId": "9EE8BCBE-D864-4311-B73A-DF92162D8DF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B2602F7-2D93-4E1E-9425-4EDD23752029", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "62F6B391-DDE3-4E8E-8582-85EA7287E591", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "80DBD667-1FB9-4354-9150-A190D4D817A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F27E40C0-263F-452B-8C91-E621A02EFC28", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "CB888B14-EA67-4EDB-A3AF-ACD3F0A6227E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "1DB45A02-2522-4E10-BC81-48750ACB42DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "AC837ACF-EB55-4E9C-BFC5-83BB04B84BE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "F8826523-FDEE-4C14-8EAC-97C564272CC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "1780295B-215F-4EEE-8CF8-2E3531D7A196", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "86DE3BE3-D6C9-4905-9E61-B70776460604", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F128A2E2-D509-4B50-95C2-1A31C5B3B31F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "140D5F68-1CAB-458C-BC8B-4F726D657FE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D25F4F5-7678-41C1-93CB-305883A08527", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "D1A1316D-314B-4740-A836-D5E6319F4B28", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DBD27CCE-28C4-43CC-8CBD-D7FFB46171AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "97298C43-B881-4C11-ADB6-17A8E43EB84E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "7257ADD7-C9B7-4F85-AA13-615DD033FD5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "02FE950B-5E29-4FAA-9BE5-79F38B4C38F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D6F2BA78-D054-4E49-ABCA-637922898BF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4595B1E3-25AB-489E-A847-FDBF2554DD6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "C11A8F17-5253-475B-89FF-A26EA7531E13", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4A88B09D-CDCF-45FD-B004-13B597DA4F48", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "49583BE8-B832-4E9F-B154-47A26C72489D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "E2501F40-3630-4528-BE0A-61D4BB6EC7FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "9223DAF7-D03E-4A4E-8AB5-5CEB87DFF2C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CFF77ABF-0A03-437A-B241-1EF2BBB83D24", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F096CD6-534E-4ABF-B2DF-D4B55B8C5F6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A66AB537-6FBA-4A51-B10C-BF61F54BC01B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en admin / upgrade_unattended.php en MantisBT antes de 1.2.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro db_type, relacionado con una llamada insegura por MantisBT a una funci\u00f3n en la Biblioteca ADOdb para PHP."}], "id": "CVE-2010-4348", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-01-03T20:00:42.967", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2010/12/15/4"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2010/12/16/1"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/42772"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/51199"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"}, {"source": "secalert@redhat.com", "url": "http://www.mantisbt.org/blog/?p=123"}, {"source": "secalert@redhat.com", "url": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=112"}, {"source": "secalert@redhat.com", "url": "http://www.mantisbt.org/bugs/view.php?id=12607"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0002"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=663230"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2010/12/15/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2010/12/16/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/51199"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/blog/?p=123"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/bugs/view.php?id=12607"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=663230"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AB90875A-388F-493C-8076-F59EA12F9355 (string)

versionEndIncluding : 1.2.3 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:0.18.0:*:*:*:*:*:*:* (string)

matchCriteriaId : AF83F757-4B62-441C-8421-15809E573A83 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:0.19.0:*:*:*:*:*:*:* (string)

matchCriteriaId : A608AFEC-B265-4143-99DA-BB2AE9D522BC (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:0.19.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 7FCB56AC-4C14-49B1-BEFE-8651BC70476E (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:0.19.0a1:*:*:*:*:*:*:* (string)

matchCriteriaId : 64BCCC4D-D109-4116-A9C3-E5553686A986 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:0.19.0a2:*:*:*:*:*:*:* (string)

matchCriteriaId : BAAF1C66-9DC7-4FD3-8651-C5561B2681A5 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:0.19.1:*:*:*:*:*:*:* (string)

matchCriteriaId : F59BAE6B-C73D-4BE2-AEF9-93F2F4A4373F (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:0.19.2:*:*:*:*:*:*:* (string)

matchCriteriaId : C9DA5C2F-FB7C-4D95-81DE-24D8EADC5C30 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:0.19.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 85A3FBD5-163C-4990-B809-A5C9C81A3C6C (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:0.19.4:*:*:*:*:*:*:* (string)

matchCriteriaId : D3FDF456-9648-4A7C-B15A-2828A32D4962 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:0.19.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 9EE8BCBE-D864-4311-B73A-DF92162D8DF3 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B2602F7-2D93-4E1E-9425-4EDD23752029 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 62F6B391-DDE3-4E8E-8582-85EA7287E591 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 80DBD667-1FB9-4354-9150-A190D4D817A2 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc3:*:*:*:*:*:* (string)

matchCriteriaId : F27E40C0-263F-452B-8C91-E621A02EFC28 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc4:*:*:*:*:*:* (string)

matchCriteriaId : CB888B14-EA67-4EDB-A3AF-ACD3F0A6227E (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc5:*:*:*:*:*:* (string)

matchCriteriaId : 1DB45A02-2522-4E10-BC81-48750ACB42DD (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.0a1:*:*:*:*:*:*:* (string)

matchCriteriaId : AC837ACF-EB55-4E9C-BFC5-83BB04B84BE3 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.0a2:*:*:*:*:*:*:* (string)

matchCriteriaId : F8826523-FDEE-4C14-8EAC-97C564272CC8 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.0a3:*:*:*:*:*:*:* (string)

matchCriteriaId : 1780295B-215F-4EEE-8CF8-2E3531D7A196 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 86DE3BE3-D6C9-4905-9E61-B70776460604 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : F128A2E2-D509-4B50-95C2-1A31C5B3B31F (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 140D5F68-1CAB-458C-BC8B-4F726D657FE8 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 0D25F4F5-7678-41C1-93CB-305883A08527 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : D1A1316D-314B-4740-A836-D5E6319F4B28 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.6:*:*:*:*:*:*:* (string)

matchCriteriaId : DBD27CCE-28C4-43CC-8CBD-D7FFB46171AC (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 97298C43-B881-4C11-ADB6-17A8E43EB84E (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.0.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 7257ADD7-C9B7-4F85-AA13-615DD033FD5C (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 02FE950B-5E29-4FAA-9BE5-79F38B4C38F7 (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : D6F2BA78-D054-4E49-ABCA-637922898BF7 (string)

vulnerable : true (boolean)

}

30 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 4595B1E3-25AB-489E-A847-FDBF2554DD6D (string)

vulnerable : true (boolean)

}

31 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : C11A8F17-5253-475B-89FF-A26EA7531E13 (string)

vulnerable : true (boolean)

}

32 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.1.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 4A88B09D-CDCF-45FD-B004-13B597DA4F48 (string)

vulnerable : true (boolean)

}

33 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.1.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 49583BE8-B832-4E9F-B154-47A26C72489D (string)

vulnerable : true (boolean)

}

34 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.1.7:*:*:*:*:*:*:* (string)

matchCriteriaId : E2501F40-3630-4528-BE0A-61D4BB6EC7FE (string)

vulnerable : true (boolean)

}

35 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.1.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 9223DAF7-D03E-4A4E-8AB5-5CEB87DFF2C3 (string)

vulnerable : true (boolean)

}

36 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : CFF77ABF-0A03-437A-B241-1EF2BBB83D24 (string)

vulnerable : true (boolean)

}

37 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 5F096CD6-534E-4ABF-B2DF-D4B55B8C5F6A (string)

vulnerable : true (boolean)

}

38 : { »

criteria : cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : A66AB537-6FBA-4A51-B10C-BF61F54BC01B (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. (string)

}

1 : { »

lang : es (string)

value : Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en admin / upgrade_unattended.php en MantisBT antes de 1.2.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro db_type, relacionado con una llamada insegura por MantisBT a una función en la Biblioteca ADOdb para PHP. (string)

}

]

id : CVE-2010-4348 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2011-01-03T20:00:42.967 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html (string)

}

1 : { »

source : secalert@redhat.com (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html (string)

}

2 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : http://openwall.com/lists/oss-security/2010/12/15/4 (string)

}

3 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : http://openwall.com/lists/oss-security/2010/12/16/1 (string)

}

4 : { »

source : secalert@redhat.com (string)

url : http://secunia.com/advisories/42772 (string)

}

5 : { »

source : secalert@redhat.com (string)

url : http://secunia.com/advisories/51199 (string)

}

6 : { »

source : secalert@redhat.com (string)

url : http://security.gentoo.org/glsa/glsa-201211-01.xml (string)

}

7 : { »

source : secalert@redhat.com (string)

url : http://www.mantisbt.org/blog/?p=123 (string)

}

8 : { »

source : secalert@redhat.com (string)

url : http://www.mantisbt.org/bugs/changelog_page.php?version_id=112 (string)

}

9 : { »

source : secalert@redhat.com (string)

url : http://www.mantisbt.org/bugs/view.php?id=12607 (string)

}

10 : { »

source : secalert@redhat.com (string)

url : http://www.vupen.com/english/advisories/2011/0002 (string)

}

11 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php (string)

}

12 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=663230 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : http://openwall.com/lists/oss-security/2010/12/15/4 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : http://openwall.com/lists/oss-security/2010/12/16/1 (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/42772 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/51199 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://security.gentoo.org/glsa/glsa-201211-01.xml (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.mantisbt.org/blog/?p=123 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.mantisbt.org/bugs/changelog_page.php?version_id=112 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.mantisbt.org/bugs/view.php?id=12607 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.vupen.com/english/advisories/2011/0002 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=663230 (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object