7 matches found

OSV
added 2022/05/17 2:30 a.m., 3 views

GHSA-X53V-V9XP-GF6G MantisBT XSS via move_attachments_page.php

A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. This is fixed in 1.3.9, 2.1.3, an...

CVSS 4.8 | AI score 6.1 | EPSS 0.00929
Exploits: 1 | References: 6
Github Security Blog
added 2022/05/17 2:30 a.m., 7 views

MantisBT XSS via move_attachments_page.php

A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. This is fixed in 1.3.9, 2.1.3, an...

CVSS 4.8 | AI score 5.2 | EPSS 0.00929
Exploits: 1 | References: 6 | Affected Software: 1
Prion
added 2017/03/31 4:59 a.m., 18 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. This is fixed in 1.3.9, 2.1.3, an...

CVSS 3.5 | AI score 5 | EPSS 0.00929
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2017/03/31 4:26 a.m., 59 views

CVE-2017-7241

CVE-2017-7241 is an XSS vulnerability in MantisBT, triggered via the move_attachments_page.php in the admin tools. The issue allows injection of arbitrary code through a crafted 'type' parameter, contingent on CSP settings. It is mitigated by upgrading mantisbt/mantisbt to 1.3.9, 2.1.3, or 2.2.3 ...

CVSS 4.8 | AI score 4.8 | EPSS 0.00929
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2017/03/31 4:26 a.m., 23 views

CVE-2017-7241

A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. This is fixed in 1.3.9, 2.1.3, an...

AI score 4.9 | EPSS 0.00929
Exploits: 1 | References: 4
Tenable Nessus
added 2016/12/12 12:00 a.m., 61 views

Debian DSA-3731-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2016-5181 A cross-site scripting issue was discovered. - CVE-2016-5182 Giwan Go discovered a heap overflow issue. - CVE-2016-5183 A use-after-free issue was discovered in the pdfium library. - CVE-2016-5184 Another...

CVSS 10 | AI score 6.6 | EPSS 0.34703
Exploits: 6 | References: 94
OpenVAS
added 2016/12/11 12:00 a.m., 35 views

Debian Security Advisory DSA 3731-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5181 A cross-site scripting issue was discovered. CVE-2016-5182 Giwan Go discovered a heap overflow issue. CVE-2016-5183 A use-after-free issue was discovered in the pdfium library. CVE-2016-5184 Another...

CVSS 6.8 | AI score 0.6 | EPSS 0.34703
Exploits: 6 | References: 1