CVE-2017-12062
CVE-2017-12062 affects MantisBT 2.x before 2.5.2. An XSS flaw in manage_user_page.php arises because the filter field is not sanitized before being rendered on the Manage User page. This allows a remote attacker to execute arbitrary JavaScript if the Content Security Policy (CSP) is disabled. The documented m...