2 matches found
CVE-2017-12061
An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by...
CVE-2017-12061
CVE-2017-12061 affects MantisBT installations via admin/install.php, with XSS caused by unsanitized user-controlled variables in the installer (notably $f_database, $f_db_username, $f_admin_username). Vulnerable versions are MantisBT < 1.3.12 and