5 matches found
MantisBT < 2.25.2 - Cross-Site Scripting
MantisBT before 2.25.2 contains a cross-site scripting vulnerability in browsersearchplugin.php. The application does not properly sanitize the 'type' parameter, which allows attackers to inject arbitrary web script or HTML via a crafted URL. id: CVE-2022-28508 info: name: MantisBT 2.25.2 -...
MantisBT < 2.25.2 XSS Vulnerability - Linux
MantisBT is prone to a cross-site scripting XSS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...
CVE-2022-28508
An XSS issue was discovered in browsersearchplugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field...
CVE-2022-28508
MantisBT prior to 2.25.2 has a cross-site scripting (XSS) vulnerability in browser_search_plugin.php where the return parameter is not properly sanitized. An attacker can inject arbitrary JavaScript/HTML via a crafted URL, potentially leading to session hijacking or credential theft in the victim...
CVE-2022-28508
creationtimestamp| type| source ---|---|--- 2022-04-30 03:26:47+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/2067 2022-04-30 17:55:24+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/5909 2025-04-24 13:45:33+00:00| confirmed|...