3 matches found
MantisBT cross-site scripting (XSS) vulnerability through crafted PATH_INFO
A cross-site scripting XSS vulnerability in the View Filters page viewfilterspage.php and Edit Filter page managefiltereditpage.php in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code if CSP settings permit it through a crafted PATHINFO. NOTE: this vulnerability exis...
MantisBT vulnerable to XSS through config_option parameter in adm_config_report.php
A cross-site scripting XSS vulnerability in the MantisBT Configuration Report page admconfigreport.php allows remote attackers to inject arbitrary code if CSP settings permit it through a crafted 'configoption' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3...
MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php
An XSS issue was discovered in manageuserpage.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled...