4 matches found
CVE-2019-15539
The projdoceditpage.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting XSS vulnerability, allowing execution of arbitrary code if CSP settings permit it after uploading an attachment with a crafted filename. The code is executed when editing the document...
MantisBT < 2.21.3 XSS Vulnerability - Windows
MantisBT is prone to a cross-site scripting vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...
CVE-2019-15539
The CVE-2019-15539 entry concerns MantisBT before version 2.21.3, affecting the proj_doc_edit_page.php Project Documentation feature. The vulnerability is a stored XSS flaw triggered when uploading an attachment with a crafted filename; the injected script is executed when editing the document pa...
CVE-2019-15539
The projdoceditpage.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting XSS vulnerability, allowing execution of arbitrary code if CSP settings permit it after uploading an attachment with a crafted filename. The code is executed when editing the document...