CVE-2017-12062
MEDIUM6.1EPSS 0.74%MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php
Published: 5/17/2022Modified: 6/9/2025
Description
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.
Affected packages (1)
- Packagist/mantisbt/mantisbt>= 2.0.0, < 2.5.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-12062
- PATCHhttps://github.com/mantisbt/mantisbt
- WEBhttp://openwall.com/lists/oss-security/2017/08/01/1
- WEBhttp://openwall.com/lists/oss-security/2017/08/01/2
- WEBhttps://github.com/mantisbt/mantisbt/commit/9b5b71dadbeeeec27efea59f562ac5bd6d2673b7
- WEBhttps://mantisbt.org/bugs/view.php?id=23166