This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote web server contains a PHP application that is affected by
multiple cross-site scripting vulnerabilities.
According to its version number, the MantisBT install hosted on the
remote web server is affected by multiple cross-site scripting
- A flaw exists in on the Configuration Report page in the
'adm_config_report.php' script. (CVE-2013-1932)
- A flaw exists because the application fails to sanitize
user input to the 'name' when adding a complex
configuration option. This flaw affects MantisBT version
1.2.13 only. (CVE-2013-1934)
A remote attacker, exploiting these flaws, could execute arbitrary
script code in a user's browser.
See also :
Upgrade to version 1.2.14 or later.
Risk factor :
Low / CVSS Base Score : 3.5
CVSS Temporal Score : 2.9
Public Exploit Available : true