CVE-2019-15539: XSS
First published: Thu Mar 19 2020(Updated: )
The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mantisbt Mantisbt | <2.21.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-15539.
What is the severity rating of CVE-2019-15539?
CVE-2019-15539 has a severity rating of medium (6.1).
What is the affected software for CVE-2019-15539?
The affected software for CVE-2019-15539 is MantisBT version up to exclusive 2.21.3.
What is the CWE classification for CVE-2019-15539?
CVE-2019-15539 is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation).
How can I fix the CVE-2019-15539 vulnerability?
To fix the CVE-2019-15539 vulnerability, you should update MantisBT to version 2.21.3 or later.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/mantisbt
- canonical/mantisbt mantisbt