mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-07 05:26:37 +00:00
878 B
CVE-2011-3356
Description
Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php.
POC
Reference
- http://securityreason.com/securityalert/8392
- http://www.mantisbt.org/bugs/view.php?id=13191
- http://www.mantisbt.org/bugs/view.php?id=13281
Github
No PoCs found on GitHub currently.