CVE-2013-1810: XSS
First published: Thu May 15 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_print_by_category function or (2) project name in the summary_print_by_project function.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CentOS Libreport-plugin-mantisbt | =1.2.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-1810?
CVE-2013-1810 is considered a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2013-1810?
To fix CVE-2013-1810, upgrade MantisBT to the latest version, ideally beyond 1.2.12, which contains security patches.
Who is affected by CVE-2013-1810?
CVE-2013-1810 affects MantisBT version 1.2.12 users with manager or administrator permissions.
What types of attacks can be executed through CVE-2013-1810?
CVE-2013-1810 allows attackers to execute arbitrary web scripts or HTML, potentially leading to data theft or session hijacking.
Are there any specific actions to take if using MantisBT 1.2.12 affected by CVE-2013-1810?
If using MantisBT 1.2.12, it is critical to restrict access to manager and administrator roles until the software is updated.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mantisbt
- canonical/centos libreport-plugin-mantisbt
- version/centos libreport-plugin-mantisbt/1.2.12