CVE-2011-3356

Name: CVE-2011-3356
Description: Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 640297

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
mantis | source | lenny | (not affected) | | |
mantis | source | squeeze | (not affected) | | |
mantis | source | (unstable) | 1.2.7-1 | low | | 640297

Notes

[squeeze] - mantis <not-affected> (Vulnerable code not present)
[lenny] - mantis <not-affected> (Vulnerable code not present)
