Lucene search
K

34 matches found

OSV
OSV
added 2017/03/31 4:59 a.m.16 views

CVE-2017-7309

A cross-site scripting XSS vulnerability in the MantisBT Configuration Report page admconfigreport.php allows remote attackers to inject arbitrary code if CSP settings permit it through a crafted 'configoption' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3...

4.8CVSS5.8AI score
Exploits0References4
Cvelist
Cvelist
added 2017/03/31 4:26 a.m.20 views

CVE-2017-6973

A cross-site scripting XSS vulnerability in the MantisBT Configuration Report page admconfigreport.php allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2...

4.9AI score0.00929EPSS
Exploits1References4
CVE
CVE
added 2017/03/31 4:26 a.m.50 views

CVE-2017-7309

CVE-2017-7309 describes a cross-site scripting (XSS) vulnerability in MantisBT’s adm_config_report.php (Configuration Report) where the config_option parameter can be crafted to inject code. Affected software is MantisBT; the vulnerability arises from insufficient input validation on the configur...

4.8CVSS4.8AI score0.57699EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2015/08/27 12:0 a.m.3 views

MantisBT Configuration Report Page Cross-Site Scripting Vulnerability

MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in the 'set configuration' text box in the Configuration Report page in...

3.5CVSS5.9AI score0.0123EPSS
Exploits0References1
NVD
NVD
added 2015/08/24 3:59 p.m.19 views

CVE-2014-8987

Cross-site scripting XSS vulnerability in the "set configuration" box in the Configuration Report page admconfigreport.php in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the configoption parameter, a different vulnerability than...

3.5CVSS5.3AI score0.0123EPSS
Exploits0References7
Prion
Prion
added 2015/08/24 3:59 p.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in the "set configuration" box in the Configuration Report page admconfigreport.php in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the configoption parameter, a different vulnerability than...

3.5CVSS5.8AI score0.0123EPSS
Exploits0References7Affected Software1
UbuntuCve
UbuntuCve
added 2015/08/24 3:59 p.m.40 views

CVE-2014-8987

Cross-site scripting XSS vulnerability in the "set configuration" box in the Configuration Report page admconfigreport.php in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the configoption parameter, a different vulnerability than...

3.5CVSS6AI score0.0123EPSS
Exploits0References3
CVE
CVE
added 2015/08/24 3:0 p.m.66 views

CVE-2014-8987

Summary (from connected sources): MantisBT versions 1.2.13–1.2.17 contain a cross-site scripting (XSS) vulnerability in the Configuration Report page (adm_config_report.php), exploitable via the config_option parameter, allowing remote administrators to inject arbitrary web script or HTML. The is...

3.5CVSS5.3AI score0.0123EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2015/08/24 3:0 p.m.24 views

CVE-2014-8987

Cross-site scripting XSS vulnerability in the "set configuration" box in the Configuration Report page admconfigreport.php in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the configoption parameter, a different vulnerability than...

5.4AI score0.0123EPSS
Exploits0References7
NVD
NVD
added 2014/11/24 3:59 p.m.15 views

CVE-2014-8986

Cross-site scripting XSS vulnerability in the selection list in the filters in the Configuration Report page admconfigreport.php in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted config option, a different vulnerability than...

3.5CVSS5.2AI score0.0123EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2014/11/24 3:59 p.m.27 views

CVE-2014-8986

Cross-site scripting XSS vulnerability in the selection list in the filters in the Configuration Report page admconfigreport.php in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted config option, a different vulnerability than...

3.5CVSS5.9AI score0.0123EPSS
Exploits0References2
Prion
Prion
added 2014/11/24 3:59 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in the selection list in the filters in the Configuration Report page admconfigreport.php in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted config option, a different vulnerability than...

3.5CVSS5.7AI score0.0123EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2014/11/24 3:0 p.m.27 views

CVE-2014-8986

Cross-site scripting XSS vulnerability in the selection list in the filters in the Configuration Report page admconfigreport.php in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted config option, a different vulnerability than...

5.3AI score0.0123EPSS
Exploits0References7
CVE
CVE
added 2014/11/24 3:0 p.m.65 views

CVE-2014-8986

CVE-2014-8986 is a documented XSS vulnerability in MantisBT 1.2.13–1.2.17. The flaw resides in the Configuration Report page (adm_config_report.php) where the selection/filters of the Configuration Report can be exploited via the config_option parameter to inject arbitrary script/HTML. The connec...

3.5CVSS5.2AI score0.0123EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder