Red Hat Bugzilla – Bug 634340
CVE-2010-3303 mantis: several XSS flaws fixed in 1.2.3
Last modified: 2016-03-04 07:40:24 EST
Upstream MantisBT has released version 1.2.3 which corrects a number of XSS flaws. Two already have CVE names: CVE-2010-3070 and CVE-2010-2574. There are an additional four issues currently without CVE names.
From the changelog:
- 0012312: [security] NuSOAP WSDL XSS (cross-site scripting vulnerability) in Mantis 1.2.2 (CVE-2010-3070)
- 0012230: [security] XSS vulnerability when deleting maliciously named categories (CVE-2010-2574)
- 0012231: [security] XSS vulnerability when uninstalling maliciously named plugins
- 0012232: [security] Multiple XSS issues with custom field enumeration values
- 0012234: [security] XSS issues when using custom field String values
- 0012238: [security] XSS in print_all_bug_page_word.php when printing project and category names
Created mantis tracking bugs for this issue
Affects: fedora-all [bug 634341]
The four issues without CVE names have been given the name CVE-2010-3303.
The update was pushed lately; it looks like something did not work with auto-closing.