2 matches found
CVE-2017-7241
A cross-site scripting XSS vulnerability in the MantisBT Move Attachments page moveattachmentspage.php, part of admin tools allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection CSP settings allows it. This is fixed in 1.3.9, 2.1.3, an...
CVE-2017-7241
CVE-2017-7241 is an XSS vulnerability in MantisBT, triggered via the move_attachments_page.php in the admin tools. The issue allows injection of arbitrary code through a crafted 'type' parameter, contingent on CSP settings. It is mitigated by upgrading mantisbt/mantisbt to 1.3.9, 2.1.3, or 2.2.3 ...