CVE-2008-3331 - OpenCVE

Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mantis	Mantis

Configuration 1 [-]

OR	cpe:2.3:a:mantis:mantis::::::::
	cpe:2.3:a:mantis:mantis:0.9:::::::*
	cpe:2.3:a:mantis:mantis:0.9.0:::::::*
	cpe:2.3:a:mantis:mantis:0.9.1:::::::*
	cpe:2.3:a:mantis:mantis:0.10:::::::*
	cpe:2.3:a:mantis:mantis:0.10.0:::::::*
	cpe:2.3:a:mantis:mantis:0.10.1:::::::*
	cpe:2.3:a:mantis:mantis:0.10.2:::::::*
	cpe:2.3:a:mantis:mantis:0.11:::::::*
	cpe:2.3:a:mantis:mantis:0.11.0:::::::*
	cpe:2.3:a:mantis:mantis:0.11.1:::::::*
	cpe:2.3:a:mantis:mantis:0.12:::::::*
	cpe:2.3:a:mantis:mantis:0.12.0:::::::*
	cpe:2.3:a:mantis:mantis:0.13:::::::*
	cpe:2.3:a:mantis:mantis:0.13.0:::::::*
	cpe:2.3:a:mantis:mantis:0.13.1:::::::*
	cpe:2.3:a:mantis:mantis:0.14:::::::*
	cpe:2.3:a:mantis:mantis:0.14.0:::::::*
	cpe:2.3:a:mantis:mantis:0.14.1:::::::*
	cpe:2.3:a:mantis:mantis:0.14.2:::::::*
	cpe:2.3:a:mantis:mantis:0.14.3:::::::*
	cpe:2.3:a:mantis:mantis:0.14.4:::::::*
	cpe:2.3:a:mantis:mantis:0.14.5:::::::*
	cpe:2.3:a:mantis:mantis:0.14.6:::::::*
	cpe:2.3:a:mantis:mantis:0.14.7:::::::*
	cpe:2.3:a:mantis:mantis:0.14.8:::::::*
	cpe:2.3:a:mantis:mantis:0.15:::::::*
	cpe:2.3:a:mantis:mantis:0.15.0:::::::*
	cpe:2.3:a:mantis:mantis:0.15.1:::::::*
	cpe:2.3:a:mantis:mantis:0.15.2:::::::*
	cpe:2.3:a:mantis:mantis:0.15.3:::::::*
	cpe:2.3:a:mantis:mantis:0.15.4:::::::*
	cpe:2.3:a:mantis:mantis:0.15.5:::::::*
	cpe:2.3:a:mantis:mantis:0.15.6:::::::*
	cpe:2.3:a:mantis:mantis:0.15.7:::::::*
	cpe:2.3:a:mantis:mantis:0.15.8:::::::*
	cpe:2.3:a:mantis:mantis:0.15.9:::::::*
	cpe:2.3:a:mantis:mantis:0.15.10:::::::*
	cpe:2.3:a:mantis:mantis:0.15.11:::::::*
	cpe:2.3:a:mantis:mantis:0.15.12:::::::*
	cpe:2.3:a:mantis:mantis:0.16:::::::*
	cpe:2.3:a:mantis:mantis:0.16.0:::::::*
	cpe:2.3:a:mantis:mantis:0.16.1:::::::*
	cpe:2.3:a:mantis:mantis:0.17:::::::*
	cpe:2.3:a:mantis:mantis:0.17.0:::::::*
	cpe:2.3:a:mantis:mantis:0.17.1:::::::*
	cpe:2.3:a:mantis:mantis:0.17.2:::::::*
	cpe:2.3:a:mantis:mantis:0.17.3:::::::*
	cpe:2.3:a:mantis:mantis:0.17.4:::::::*
	cpe:2.3:a:mantis:mantis:0.17.4a:::::::*
	cpe:2.3:a:mantis:mantis:0.17.5:::::::*
	cpe:2.3:a:mantis:mantis:0.18:::::::*
	cpe:2.3:a:mantis:mantis:0.18.0:::::::*
	cpe:2.3:a:mantis:mantis:0.18.0_rc1:::::::*
	cpe:2.3:a:mantis:mantis:0.18.0a1:::::::*
	cpe:2.3:a:mantis:mantis:0.18.0a2:::::::*
	cpe:2.3:a:mantis:mantis:0.18.0a3:::::::*
	cpe:2.3:a:mantis:mantis:0.18.0a4:::::::*
	cpe:2.3:a:mantis:mantis:0.18.1:::::::*
	cpe:2.3:a:mantis:mantis:0.18.2:::::::*
	cpe:2.3:a:mantis:mantis:0.18.3:::::::*
	cpe:2.3:a:mantis:mantis:0.18a1:::::::*
	cpe:2.3:a:mantis:mantis:0.19:::::::*
	cpe:2.3:a:mantis:mantis:0.19.0:::::::*
cpe:2.3:a:mantis:mantis:0.19.0_rc1:::::::*
cpe:2.3:a:mantis:mantis:0.19.0a:::::::*
cpe:2.3:a:mantis:mantis:0.19.0a1:::::::*
cpe:2.3:a:mantis:mantis:0.19.0a2:::::::*
cpe:2.3:a:mantis:mantis:0.19.1:::::::*
cpe:2.3:a:mantis:mantis:0.19.2:::::::*
cpe:2.3:a:mantis:mantis:0.19.3:::::::*
cpe:2.3:a:mantis:mantis:0.19.4:::::::*
cpe:2.3:a:mantis:mantis:1.0:::::::*
cpe:2.3:a:mantis:mantis:1.0.0:::::::*
cpe:2.3:a:mantis:mantis:1.0.0_rc1:::::::*
cpe:2.3:a:mantis:mantis:1.0.0_rc2:::::::*
cpe:2.3:a:mantis:mantis:1.0.0_rc3:::::::*
cpe:2.3:a:mantis:mantis:1.0.0_rc4:::::::*
cpe:2.3:a:mantis:mantis:1.0.0_rc5:::::::*
cpe:2.3:a:mantis:mantis:1.0.0a1:::::::*
cpe:2.3:a:mantis:mantis:1.0.0a2:::::::*
cpe:2.3:a:mantis:mantis:1.0.0a3:::::::*
cpe:2.3:a:mantis:mantis:1.0.0rc1:::::::*
cpe:2.3:a:mantis:mantis:1.0.0rc2:::::::*
cpe:2.3:a:mantis:mantis:1.0.0rc3:::::::*
cpe:2.3:a:mantis:mantis:1.0.0rc4:::::::*
cpe:2.3:a:mantis:mantis:1.0.1:::::::*
cpe:2.3:a:mantis:mantis:1.0.2:::::::*
cpe:2.3:a:mantis:mantis:1.0.3:::::::*
cpe:2.3:a:mantis:mantis:1.0.4:::::::*
cpe:2.3:a:mantis:mantis:1.0.5:::::::*
cpe:2.3:a:mantis:mantis:1.0.6:::::::*
cpe:2.3:a:mantis:mantis:1.1:::::::*
cpe:2.3:a:mantis:mantis:1.1.0:::::::*
cpe:2.3:a:mantis:mantis:1.1.0a1:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=121130774617956&w=4
http://secunia.com/advisories/30270
http://secunia.com/advisories/31972
http://securityreason.com/securityalert/4044
http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml
http://www.mantisbt.org/bugs/changelog_page.php
http://www.securityfocus.com/bid/29297
http://www.vupen.com/english/advisories/2008/1598/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42549
https://nvd.nist.gov/vuln/detail/CVE-2008-3331
https://www.cve.org/CVERecord?id=CVE-2008-3331
https://www.exploit-db.com/exploits/5657

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-07-27T23:00:00

Updated: 2024-08-07T09:37:27.042Z

Reserved: 2008-07-27T00:00:00

Link: CVE-2008-3331

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-07-27T23:41:00.000

Modified: 2017-09-29T01:31:37.990

Link: CVE-2008-3331

Redhat

Severity : Moderate

Publid Date: 2008-05-20T00:00:00Z

Links: CVE-2008-3331 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object