CVE

Id
76288  
CVE No.
CVE-2014-8987  
Status
Candidate  
Description
Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different vulnerability than CVE-2014-8986.  
Phase
Assigned (20141119)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
703206 76288 CVE-2014-8987 MLIST:[oss-security] 20141114 CVE Request: XSS vulnerability in MantisBT 1.2.13  View
703207 76288 CVE-2014-8987 URL:http://www.openwall.com/lists/oss-security/2014/11/14/9  View
703208 76288 CVE-2014-8987 MLIST:[oss-security] 20141115 RE: CVE Request: XSS vulnerability in MantisBT 1.2.13  View
703209 76288 CVE-2014-8987 URL:http://www.openwall.com/lists/oss-security/2014/11/15/2  View
703210 76288 CVE-2014-8987 MLIST:[oss-security] 20141115 Re: CVE Request: XSS vulnerability in MantisBT 1.2.13  View
703211 76288 CVE-2014-8987 URL:http://www.openwall.com/lists/oss-security/2014/11/15/4  View
703212 76288 CVE-2014-8987 MLIST:[oss-security] 20141115 Re: Re: CVE Request: XSS vulnerability in MantisBT 1.2.13  View
703213 76288 CVE-2014-8987 URL:http://www.openwall.com/lists/oss-security/2014/11/15/3  View
703214 76288 CVE-2014-8987 MLIST:[oss-security] 20141119 RE: CVE Request: XSS vulnerability in MantisBT 1.2.13  View
703215 76288 CVE-2014-8987 URL:http://www.openwall.com/lists/oss-security/2014/11/19/21  View
703216 76288 CVE-2014-8987 CONFIRM:http://www.mantisbt.org/bugs/view.php?id=17870  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
16689 JVNDB-2014-005564 Maarch LetterBox における SQL インジェクションの脆弱性 Maarch LetterBox には、SQL インジェクションの脆弱性が存在します。 CVE-2014-8995 76288 5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005564.html  View