CVE-2014-8987

2015-08-2415:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-8987

cross-site scripting

xss vulnerability

mantisbt

configuration report page

remote administrators

html injection

web script

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

49.0%

JSON

Cross-site scripting (XSS) vulnerability in the “set configuration” box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different vulnerability than CVE-2014-8986.

CPENameOperatorVersion
mantisbt:mantisbtmantisbteq1.2.13
mantisbt:mantisbtmantisbteq1.2.15
mantisbt:mantisbtmantisbteq1.2.16
mantisbt:mantisbtmantisbteq1.2.17
mantisbt:mantisbtmantisbteq1.2.14

CPE	Name	Operator	Version
mantisbt:mantisbt	mantisbt	eq	1.2.13
mantisbt:mantisbt	mantisbt	eq	1.2.15
mantisbt:mantisbt	mantisbt	eq	1.2.16
mantisbt:mantisbt	mantisbt	eq	1.2.17
mantisbt:mantisbt	mantisbt	eq	1.2.14