CVE-2017-12062
N/A
N/A
Summary
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://openwall.com/lists/oss-security/2017/08/01/1
- http://www.securitytracker.com/id/1039030
- https://mantisbt.org/bugs/view.php?id=23166
- http://openwall.com/lists/oss-security/2017/08/01/2
- https://github.com/mantisbt/mantisbt/commit/9b5b71dadbeeeec27efea59f562ac5bd6d2673b7
References
- http://openwall.com/lists/oss-security/2017/08/01/1
- http://www.securitytracker.com/id/1039030
- https://mantisbt.org/bugs/view.php?id=23166
- http://openwall.com/lists/oss-security/2017/08/01/2
- https://github.com/mantisbt/mantisbt/commit/9b5b71dadbeeeec27efea59f562ac5bd6d2673b7
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.