Lucene search
China National Vulnerability DatabaseCNVD-2022-58240HistoryJun 28, 2022 - 12:00 a.m.
MantisBT Cross-Site Scripting Vulnerability (CNVD-2022-58240)
2022-06-2800:00:00
China National Vulnerability Database
www.cnvd.org.cn
12
mantisbt
cross-site scripting
security vulnerability
svg document
remote attack
EPSS
0.001
Percentile
35.1%
MantisBT is a Web-based open source defect tracking system from the Mantisbt team. A cross-site scripting vulnerability exists in versions of MantisBT prior to 2.25.5. The vulnerability stems from allowing a remote attacker to attach a crafted SVG document to issue a report or bug note, and when a user or administrator clicks on the attachment file_download.php opens in the browser tab Instead of downloading the SVG document as a file, an attacker could exploit the vulnerability to cause JavaScript code execution.
Related
cvelist
cvelist
CVE-2022-33910
2022-06-24 16:45:56
cve
cve
CVE-2022-33910
2022-06-24 17:15:08
nvd
nvd
CVE-2022-33910
2022-06-24 17:15:08
prion
prion
Cross site scripting
2022-06-24 17:15:00
openvas
openvas
MantisBT < 2.25.5 Multiple Vulnerabilities - Windows
2022-06-28 00:00:00
MantisBT < 2.25.5 Multiple Vulnerabilities - Linux
2022-06-28 00:00:00
osv
osv
CVE-2022-33910
2022-06-24 17:15:08