First published: Fri Mar 17 2017(Updated: )
An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MantisBT | <=2.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-6958 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
To fix CVE-2017-6958, upgrade the MantisBT Source Integration Plugin to version 2.0.2 or later.
CVE-2017-6958 is an XSS (Cross-Site Scripting) vulnerability.
MantisBT versions prior to 2.0.2 are affected by CVE-2017-6958.
Yes, an attacker can exploit CVE-2017-6958 remotely by crafting a suitable search parameter.