Описание
MantisBT vulnerable to XSS via unescaped output in browser_search_plugin.php
An XSS issue was discovered in browser_search_plugin.php in MantisBT up to and including 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
Пакеты
Наименование
mantisbt/mantisbt
composer
Затронутые версииВерсия исправления
<= 2.25.2
Отсутствует
Связанные уязвимости
CVSS3: 6.1
nvd
почти 4 года назад
An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
CVSS3: 6.1
debian
почти 4 года назад
An XSS issue was discovered in browser_search_plugin.php in MantisBT b ...