CVE-2013-1810
Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_print_by_category function or (2) project name in the summary_print_by_project function.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0015 (0.2%)
Percentile: 35.3%
EPSS: 2026-05-06
Affects
mantisbt:mantisbtTechnical description
Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_print_by_category function or (2) project name in the summary_print_by_project function.
Published: 5/15/2014, 2:55:06 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://seclists.org/oss-sec/2013/q1/127
- http://seclists.org/oss-sec/2013/q1/556
- http://secunia.com/advisories/51853
- http://www.mantisbt.org/bugs/view.php?id=15384
- http://seclists.org/oss-sec/2013/q1/127
- http://seclists.org/oss-sec/2013/q1/556
- http://secunia.com/advisories/51853
- http://www.mantisbt.org/bugs/view.php?id=15384