exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2017-7222

почти 9 лет назад

A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php).

CVSS3: 6.1

EPSS: Низкий

CVE-2017-7222

почти 9 лет назад

A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php).

CVSS3: 6.1

EPSS: Низкий

CVE-2017-7222

почти 9 лет назад

A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 al ...

CVSS3: 6.1

EPSS: Низкий

GHSA-q4m4-prmh-jh37

больше 3 лет назад

A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php).

CVSS3: 6.1

EPSS: Низкий

BDU:2017-00769

почти 9 лет назад

Уязвимость системы отслеживания ошибок MantisBT, позволяющая нарушителю выполнять произвольный HTML или JavaScript код

CVSS2: 4.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2017-7222 A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php).	CVSS3: 6.1	0% Низкий	почти 9 лет назад
CVE-2017-7222 A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php).	CVSS3: 6.1	0% Низкий	почти 9 лет назад
CVE-2017-7222 A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 al ...	CVSS3: 6.1	0% Низкий	почти 9 лет назад
GHSA-q4m4-prmh-jh37 A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php).	CVSS3: 6.1	0% Низкий	больше 3 лет назад
BDU:2017-00769 Уязвимость системы отслеживания ошибок MantisBT, позволяющая нарушителю выполнять произвольный HTML или JavaScript код	CVSS2: 4.3	0% Низкий	почти 9 лет назад

Уязвимостей на страницу