Vulnerabilities > Mantisbt > Mantisbt > 1.2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-01-03 | CVE-2010-4350 | Path Traversal vulnerability in Mantisbt Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. | 5.1 |
| 2011-01-03 | CVE-2010-4349 | Information Exposure vulnerability in Mantisbt admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. | 5.0 |
| 2011-01-03 | CVE-2010-4348 | Cross-Site Scripting vulnerability in Mantisbt Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. | 4.3 |
| 2010-10-05 | CVE-2010-3763 | Cross-Site Scripting vulnerability in Mantisbt Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than CVE-2010-3303. | 4.3 |
| 2010-10-05 | CVE-2010-3303 | Cross-Site Scripting vulnerability in Mantisbt Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php. | 3.5 |
| 2010-08-10 | CVE-2010-2574 | Cross-Site Scripting vulnerability in Mantisbt 1.2.2 Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action. | 2.1 |