Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-w93w-rx52-24qh

Опубликовано: 17 мая 2022
Источник: github
Github: Прошло ревью
CVSS3: 6.1

Описание

MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php

An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.

Ссылки

Пакеты

Наименование

mantisbt/mantisbt

composer
Затронутые версииВерсия исправления

>= 2.0.0, < 2.5.2

2.5.2

EPSS

Процентиль: 72%
0.00741
Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2017-12062

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2017-12062

CVSS3: 6.1
nvd
больше 8 лет назад

An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.

debian логотип

CVE-2017-12062

CVSS3: 6.1
debian
больше 8 лет назад

An XSS issue was discovered in manage_user_page.php in MantisBT 2.x be ...

EPSS

Процентиль: 72%
0.00741
Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2017-12062

Дефекты

CWE-79