CVE-2017-12062
MEDIUM6.1EPSS 0.74%MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php
發布日:2022/5/17修改日:2025/6/9
描述
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.
受影響套件(1)
- Packagist/mantisbt/mantisbt>= 2.0.0, < 2.5.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-12062
- PATCHhttps://github.com/mantisbt/mantisbt
- WEBhttp://openwall.com/lists/oss-security/2017/08/01/1
- WEBhttp://openwall.com/lists/oss-security/2017/08/01/2
- WEBhttps://github.com/mantisbt/mantisbt/commit/9b5b71dadbeeeec27efea59f562ac5bd6d2673b7
- WEBhttps://mantisbt.org/bugs/view.php?id=23166