← voltar
CVE-2017-12062

CVE-2017-12062

EPSS 3.9%
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://openwall.com/lists/oss-security/2017/08/01/1http://openwall.com/lists/oss-security/2017/08/01/2https://github.com/mantisbt/mantisbt/commit/9b5b71dadbeeeec27efea59f562ac5bd6d2673b7https://mantisbt.org/bugs/view.php?id=23166http://www.securitytracker.com/id/1039030