Lucene search

6 matches found

CNVD
added 2022/05/09 12:0 a.m. · 20 views

MantisBT Cross-Site Scripting Vulnerability (CNVD-2022-68821)

MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in versions prior to MantisBT 2.25.2, which originates from an unescaped...

4.3 CVSS · 1.8 AI score · 0.29029 EPSS
Exploits: 1 · Affected Software: 1
Snyk
added 2022/05/05 12:0 a.m. · 3 views

Cross-site Scripting (XSS)

Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the browser_search_plugin.php file. An attacker can inject malicious scripts into a hidden input field by manipulating the unescaped output of the return parameter...

6.1 CVSS · 5.7 AI score · 0.29029 EPSS
Exploits: 1 · References: 2
OSV
added 2022/05/05 12:0 a.m. · 2 views

GHSA-WFG2-2WMW-6894 MantisBT vulnerable to XSS via unescaped output in browser_search_plugin.php

An XSS issue was discovered in browser_search_plugin.php in MantisBT up to and including 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field...

6.1 CVSS · 6.2 AI score · 0.29029 EPSS
Exploits: 1 · References: 5
ATTACKERKB
added 2022/05/04 2:15 p.m. · 4 views

CVE-2022-28508

An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field...

6.1 CVSS · 5.9 AI score · 0.29029 EPSS
Exploits: 1 · References: 5
CNNVD
added 2022/05/04 12:0 a.m. · 4 views

MantisBT Cross-Site Scripting Vulnerability

MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in versions prior to MantisBT 2.25.2, which originates from an unescaped...

6.1 CVSS · 6.2 AI score · 0.29029 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2022/04/29 12:0 a.m. · 2 views

PT-2022-19059 · Mantisbt · Mantisbt

Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 2.25.2. Description: A cross-site scripting (XSS) issue was discovered in the browser_search_plugin.php file. This issue arises due to the unescaped output of the return parameter, allowing an attacker to inject code...

6.1 CVSS · 6.2 AI score · 0.29029 EPSS
Exploits: 1 · References: 13