Comment 17 for bug 690482

CVE-2010-3763 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3763):
  Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT
  before 1.2.3 allows remote attackers to inject arbitrary web script or HTML
  via the Summary field, a different vector than CVE-2010-3303.

CVE-2010-3303 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3303):
  Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3
  allow remote authenticated administrators to inject arbitrary web script or
  HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an
  enumeration value or (3) a String value of a custom field, related to
  core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to
  print_all_bug_page_word.php.