CVE-2013-0197

Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or HTML via the match_type parameter to bugs/search.php.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mantisbt:mantisbt:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.2.13:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-05-15 14:55

Updated : 2024-02-04 18:35


NVD link : CVE-2013-0197

Mitre link : CVE-2013-0197

CVE.ORG link : CVE-2013-0197


JSON object : View

Products Affected

mantisbt

  • mantisbt
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')