exploitDog

CVE-2017-6958

Опубликовано: 17 мар. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter.

Ссылки

https://github.com/mantisbt-plugins/source-integration/issues/205
Patch
Third Party Advisory
https://github.com/mantisbt-plugins/source-integration/issues/205
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mantisbt:source_integration:*:*:*:*:*:mantisbt:*:*

Версия до 2.0.1 (включая)

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-v2cp-6p8m-85fh

CVSS3: 6.1

github

больше 3 лет назад

An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter.

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79