9 matches found
Best Practical RT 跨站脚本漏洞
Best Practical RT is a request tracker from Best Practical, Inc. A cross-site scripting vulnerability exists in Best Practical RT versions 5.0 through 5.0.7, which stems from the injection of JavaScript into RT permalinks, which could lead to cross-site scripting...
GHSA-9X76-MP7R-2XC5 MantisBT vulnerable to CSRF and Open Redirect attacks
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in stringapi.php and consequently has conflicting interpretations of an initial / substring as introducing either a local pathname or a remote hostname, which leads to 1 arbitrary Permalink Injection via CSRF...
MantisBT vulnerable to CSRF and Open Redirect attacks
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in stringapi.php and consequently has conflicting interpretations of an initial / substring as introducing either a local pathname or a remote hostname, which leads to 1 arbitrary Permalink Injection via CSRF...
Mantis Bug Tracker 1.3.10 / 2.3.0 Cross Site Request Forgery
Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product: ========= Mantis Bug Tracker 1.3.10 / v2.3.0 MantisBT...
Open redirect
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in stringapi.php and consequently has conflicting interpretations of an initial / substring as introducing either a local pathname or a remote hostname, which leads to 1 arbitrary Permalink Injection via CSRF...
CVE-2017-7620
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in stringapi.php and consequently has conflicting interpretations of an initial / substring as introducing either a local pathname or a remote hostname, which leads to 1 arbitrary Permalink Injection via CSRF...
CVE-2017-7620
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in stringapi.php and consequently has conflicting interpretations of an initial / substring as introducing either a local pathname or a remote hostname, which leads to 1 arbitrary Permalink Injection via CSRF...
Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery
Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product: ========= Mantis Bug Tracker 1.3.10 / v2.3.0 MantisBT...
Mantis Bug Tracker 1.3.102.3.0 - Cross-Site Request Forgery
Mantis Bug Tracker 1.3.102.3.0 - Cross-Site Request Forgery + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org...