CVE-2004-1730 - Antediluvial Exchanges

Description

Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php (2) e-mail field in signup.php (3) action parameter to login_select_proj_page.php or (4) hide_status parameter to view_all_set.php.

Reference

http://www.securityfocus.com/bid/10994 http://secunia.com/advisories/12338 http://marc.info/?l=bugtraq&m=109312225727345&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17072 https://exchange.xforce.ibmcloud.com/vulnerabilities/17070 https://exchange.xforce.ibmcloud.com/vulnerabilities/17069 https://exchange.xforce.ibmcloud.com/vulnerabilities/17066