MantisBT Cross Site Scripting and SQL Injection Vulnerabilities

An attacker can use a browser to exploit these issues. To exploit cross-site scripting issues, the attacker must entice an unsuspecting victim to follow a malicious URI.

The following proof-of-concept URIs are available:

http://www.example.com/path/search.php?project_id=[XSS]
http://www.example.com/path/core.php?mbadmin=[SQL]


 

Copyright 2010, SecurityFocus