2 matches found
Cross site scripting
MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks...
MantisBT 1.2.x < 1.2.14 adm_config_report.php Multiple Parameter XSS
According to its version number, the MantisBT install hosted on the remote web server is affected by multiple cross-site scripting vulnerabilities : - A flaw exists in on the Configuration Report page in the 'admconfigreport.php' script. CVE-2013-1932 - A flaw exists because the application fails...