5 matches found
EUVD-2019-6154
Malware in sbrugna...
Cross-site Scripting (XSS)
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via crafted filenames in the myviewpage.php Timeline feature. An attacker can execute arbitrary code visible to any user viewing the My View Page by uploading an...
GHSA-GG4J-279J-22PH MantisBT allows cross-site scripting (XSS) via crafted filename
The Timeline feature in myviewpage.php in MantisBT through 2.21.1 has a stored cross-site scripting XSS vulnerability, allowing execution of arbitrary code if CSP settings permit it after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the...
MantisBT allows cross-site scripting (XSS) via crafted filename
The Timeline feature in myviewpage.php in MantisBT through 2.21.1 has a stored cross-site scripting XSS vulnerability, allowing execution of arbitrary code if CSP settings permit it after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the...
GHSA-8R2M-QHFF-JM2C MantisBT XSS via my_view_page.php and view_user_page.php
A cross-site scripting XSS vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View myviewpage.php and User Information viewuserpage.php pages, allows remote attackers to inject arbitrary code if CSP settings permit it through crafted PATHINFO in a URL, due to use o...