exploitDog

CVE-2017-12062

Published: 01 Aug 2017
Source: debian
EPSS: Low

Description

An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| mantis | removed | | | package |
| mantis | end-of-life | | wheezy | package |

EPSS

Percentile: 73%
0.00741
Low

Related vulnerabilities

CVSS3: 6.1
nvd
more than 8 years ago

An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.

CVSS3: 6.1
github
more than 3 years ago

MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php
