CVE-2014-9269

2015-01-09T13:59:01
ID CVE-2014-9269
Type cve
Reporter NVD
Modified 2017-01-02T21:59:23

Description

Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.