Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
Debian Security Advisory 1133-1 - Several remote vulnerabilities have been discovered in the Mantis bug tracking system, which may lead to the execution of arbitrary web scripts.