3 matches found
Mantis MantisBT Bug Tracker adm_config_report.php move_attachments_page.php XSS (CVE-2017-7309)
Three cross-site scripting vulnerabilities exist in Mantis Bug Tracker MantisBT. These vulnerabilities are due to insufficient input validation of the action, type and configoption HTTP parameters by admconfigreport.php and moveattachmentspage.php. A remote attacker could exploit this vulnerabili...
CVE-2017-7309
A cross-site scripting XSS vulnerability in the MantisBT Configuration Report page admconfigreport.php allows remote attackers to inject arbitrary code if CSP settings permit it through a crafted 'configoption' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3...
CVE-2017-7309
CVE-2017-7309 describes a cross-site scripting (XSS) vulnerability in MantisBT’s adm_config_report.php (Configuration Report) where the config_option parameter can be crafted to inject code. Affected software is MantisBT; the vulnerability arises from insufficient input validation on the configur...