CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-2802

MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 62.7%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://mantisbt.org/blog/archives/mantisbt/113
https://mantisbt.org/bugs/view.php?id=11952
https://security-tracker.debian.org/tracker/CVE-2009-2802
https://mantisbt.org/blog/archives/mantisbt/113
https://mantisbt.org/bugs/view.php?id=11952
https://security-tracker.debian.org/tracker/CVE-2009-2802

Products affected by CVE-2009-2802

Mantisbt » Mantisbt » Version: 1.2.0

cpe:2.3:a:mantisbt:mantisbt:1.2.0
Mantisbt » Mantisbt » Version: 1.2.1

cpe:2.3:a:mantisbt:mantisbt:1.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-2802

Products

Pricing

Contact Us