0.002 Low
EPSS
Percentile
61.2%
Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.
github.com/mantisbt/mantisbt/commit/511564cc
www.mantisbt.org/bugs/view.php?id=17890
launchpad.net/bugs/cve/CVE-2014-9269
nvd.nist.gov/vuln/detail/CVE-2014-9269
security-tracker.debian.org/tracker/CVE-2014-9269
www.cve.org/CVERecord?id=CVE-2014-9269