CVE-2010-3763 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3763):
Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT
before 1.2.3 allows remote attackers to inject arbitrary web script or HTML
via the Summary field, a different vector than CVE-2010-3303.
CVE-2010-3303 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3303):
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3
allow remote authenticated administrators to inject arbitrary web script or
HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an
enumeration value or (3) a String value of a custom field, related to
core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to
print_all_bug_page_word.php.
CVE-2010-3763 (http:// nvd.nist. gov/nvd. cfm?cvename= CVE-2010- 3763): api.php in MantisBT
Cross-site scripting (XSS) vulnerability in core/summary_
before 1.2.3 allows remote attackers to inject arbitrary web script or HTML
via the Summary field, a different vector than CVE-2010-3303.
CVE-2010-3303 (http:// nvd.nist. gov/nvd. cfm?cvename= CVE-2010- 3303): plugin_ uninstall. php; (2) an cfdefs/ cfdef_standard. php; or a (4) project or (5) category name to all_bug_ page_word. php.
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3
allow remote authenticated administrators to inject arbitrary web script or
HTML via (1) a plugin name, related to manage_
enumeration value or (3) a String value of a custom field, related to
core/
print_