CVE-2006-0841
Published 2006-02-22
Priority: P4
CVSS 2.0 base score: 4.3 (medium), vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploit: public (Exploit-DB entries below)
EPSS: 5.34% (91.6th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.
Affected
61 ranges · showing 25. All 25 shown rows are identical and carry no version data; the description above bounds the affected versions at 1.00rc4 and earlier.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mantis | mantis | — | — |
No detection rules found.
Exploit-DB
Mantis Bug Tracker 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb · 2006-02-15 · CVE-2006-0841
---
source: https://www.securityfocus.com/bid/16657/info
Mantis is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
http://www.example.com/view_all_set.php?type=1&handler_id=1&hide_status=[XSS]
http://www.example.com/view_all_set.php?type=1&handl
Exploit-DB
Mantis Bug Tracker 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting
exploitdb · 2006-02-15 · CVE-2006-0841
---
source: https://www.securityfocus.com/bid/16657/info
http://www.example.com/manage_user_page.php?sort=[XSS]
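This record carries no detection rule, and the two Exploit-DB entries show one probe URL each out of the 18 script/parameter pairs in the CVE description. The following is an added example written for this page (not Mantis code and not taken from the advisories): it turns the full parameter map from the description into probe URLs in the shape of the published PoC, flags requests against those pairs in access-log lines, and checks whether a response reflects the probe unescaped. The Mantis base URL, the Apache combined log format, the marker string and the sample log lines are assumptions constructed for the example.

```python
"""Helpers for CVE-2006-0841 (reflected XSS in Mantis 1.00rc4 and earlier).

Added example for this page: not Mantis code and not part of the advisory.
The script/parameter map comes from the CVE description; the base URL, the
Apache combined log format and the sample log lines are constructed.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlencode, urlsplit

# Script -> parameters named in the CVE description (items 1-18).
VULNERABLE_PARAMS = {
    "view_all_set.php": {
        "hide_status", "handler_id", "user_monitor", "reporter_id",
        "view_type", "show_severity", "show_category", "show_status",
        "show_resolution", "show_build", "show_profile", "show_priority",
        "highlight_changed", "relationship_type", "relationship_bug",
    },
    "manage_user_page.php": {"sort"},
    "view_filters_page.php": {"view_type"},
    "proj_doc_delete.php": {"title"},
}

# None of these parameters legitimately carries markup, so a literal '<' or
# '>' (or a javascript: URL) in the decoded value is enough to flag.
_XSS_INDICATOR = re.compile(r"[<>]|javascript:", re.IGNORECASE)

# Apache combined log format (assumed): client, ident, user, [ts], "request"
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

DEFAULT_MARKER = "<script>alert(1)</script>"  # constructed probe string


def poc_urls(base_url, marker=DEFAULT_MARKER):
    """Yield one probe URL per (script, parameter) pair from the CVE text.
    Follows the Exploit-DB PoC shape: the vulnerable parameter carries the
    marker, and view_all_set.php also gets type=1."""
    base = base_url.rstrip("/")
    for script, params in sorted(VULNERABLE_PARAMS.items()):
        for param in sorted(params):
            query = {"type": "1"} if script == "view_all_set.php" else {}
            query[param] = marker
            yield f"{base}/{script}?{urlencode(query)}"


def suspicious_params(request_path):
    """Return the vulnerable parameters in a request path whose decoded
    value looks like markup. An empty list means nothing to flag."""
    parts = urlsplit(request_path)
    script = parts.path.rsplit("/", 1)[-1]
    watched = VULNERABLE_PARAMS.get(script)
    if not watched:
        return []
    hits = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in watched:
            continue
        # parse_qs decoded once; decode again so a double-encoded '<'
        # (%253C) is caught as well as %3C.
        if any(_XSS_INDICATOR.search(unquote_plus(v)) for v in values):
            hits.append(name)
    return sorted(hits)


def scan_access_log(lines):
    """Return (client_ip, script, [flagged params]) for every combined-format
    line that hits one of the four scripts with a markup-looking value."""
    alerts = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_params(m.group("path"))
        if hits:
            script = urlsplit(m.group("path")).path.rsplit("/", 1)[-1]
            alerts.append((m.group("ip"), script, hits))
    return alerts


def reflected_unescaped(body, marker=DEFAULT_MARKER):
    """True when a response body echoes the marker verbatim (vulnerable).
    A page that entity-encodes it (&lt;script&gt;...) does not match."""
    return marker in body


# Constructed sample lines (not real traffic): two probes, two benign requests.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Feb/2006:10:00:00 +0000] "GET /mantis/view_all_set.php'
    '?type=1&handler_id=1&hide_status=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5123',
    '203.0.113.7 - - [14/Feb/2006:10:00:01 +0000] "GET /mantis/manage_user_page.php'
    '?sort=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 2048',
    '198.51.100.9 - - [14/Feb/2006:10:00:02 +0000] "GET /mantis/view_all_set.php'
    '?type=1&sort=last_updated&show_status=10 HTTP/1.1" 200 5123',
    '198.51.100.9 - - [14/Feb/2006:10:00:03 +0000] "GET /mantis/view_bug_page.php'
    '?bug_id=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for url in poc_urls("http://tracker.example/mantis/"):
        print(url)
    for alert in scan_access_log(SAMPLE_LOG):
        print("ALERT", alert)
```

The log matcher is deliberately narrow: it only looks at the four scripts and eighteen parameters the CVE names, so a `<` in an unrelated parameter (the `view_bug_page.php` line in the sample) is not reported. Run `poc_urls` against a test instance and feed each response body to `reflected_unescaped`; a fixed build entity-encodes the marker and the check returns False.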
References
http://morph3us.org/advisories/20060214-mantis-100rc4.txt
http://secunia.com/advisories/21400
http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059
http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963
http://www.debian.org/security/2006/dsa-1133
http://www.osvdb.org/22487
http://www.osvdb.org/23248
http://www.securityfocus.com/archive/1/425046/100/0/threaded
http://www.securityfocus.com/bid/16657