9 matches found
EUVD-2019-6154
Malware in sbrugna...
CVE-2024-52298 macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs...
GHSA-GG4J-279J-22PH MantisBT allows cross-site scripting (XSS) via crafted filename
The Timeline feature in myviewpage.php in MantisBT through 2.21.1 has a stored cross-site scripting XSS vulnerability, allowing execution of arbitrary code if CSP settings permit it after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the...
MantisBT allows cross-site scripting (XSS) via crafted filename
The Timeline feature in myviewpage.php in MantisBT through 2.21.1 has a stored cross-site scripting XSS vulnerability, allowing execution of arbitrary code if CSP settings permit it after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the...
Cross-site Scripting (XSS)
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via crafted filenames in the myviewpage.php Timeline feature. An attacker can execute arbitrary code visible to any user viewing the My View Page by uploading an...
GHSA-8R2M-QHFF-JM2C MantisBT XSS via my_view_page.php and view_user_page.php
A cross-site scripting XSS vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View myviewpage.php and User Information viewuserpage.php pages, allows remote attackers to inject arbitrary code if CSP settings permit it through crafted PATHINFO in a URL, due to use o...
MantisBT 'Timeline include' page cross-site scripting vulnerability
MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in the Timeline include page used in the My View myviewpage.php and User...
CVE-2017-7897
A cross-site scripting XSS vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View myviewpage.php and User Information viewuserpage.php pages, allows remote attackers to inject arbitrary code if CSP settings permit it through crafted PATHINFO in a URL, due to use o...
Cross site scripting
A cross-site scripting XSS vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View myviewpage.php and User Information viewuserpage.php pages, allows remote attackers to inject arbitrary code if CSP settings permit it through crafted PATHINFO in a URL, due to use o...