DSA-1467 mantis -- several vulnerabilities
ID: oval:org.mitre.oval:def:7408 | Date: (C)2009-12-15 (M)2021-06-02 |
Class: PATCH | Family: unix |
Several remote vulnerabilities have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: Custom fields were not appropriately protected by per-item access control, allowing for sensitive data to be published. Multiple cross-site scripting issues allowed a remote attacker to insert malicious HTML or web script into Mantis web pages.