CVE-2017-12062: XSS
First published: Tue Aug 01 2017(Updated: )
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MantisBT | =2.1.0 | |
| MantisBT | =2.1.1 | |
| MantisBT | =2.1.2 | |
| MantisBT | =2.1.3 | |
| MantisBT | =2.2.0 | |
| MantisBT | =2.2.1 | |
| MantisBT | =2.2.2 | |
| MantisBT | =2.2.3 | |
| MantisBT | =2.2.4 | |
| MantisBT | =2.3.0 | |
| MantisBT | =2.3.1 | |
| MantisBT | =2.3.2 | |
| MantisBT | =2.3.3 | |
| MantisBT | =2.4.0 | |
| MantisBT | =2.4.1 | |
| MantisBT | =2.4.2 | |
| MantisBT | =2.5.0 | |
| MantisBT | =2.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- agent/remedy
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mantisbt
- canonical/mantisbt
- version/mantisbt/2.1.0
- version/mantisbt/2.1.1
- version/mantisbt/2.1.2
- version/mantisbt/2.1.3
- version/mantisbt/2.2.0
- version/mantisbt/2.2.1
- version/mantisbt/2.2.2
- version/mantisbt/2.2.3
- version/mantisbt/2.2.4
- version/mantisbt/2.3.0
- version/mantisbt/2.3.1
- version/mantisbt/2.3.2
- version/mantisbt/2.3.3
- version/mantisbt/2.4.0
- version/mantisbt/2.4.1
- version/mantisbt/2.4.2
- version/mantisbt/2.5.0
- version/mantisbt/2.5.1