Back to search
CVE-2014-9271
Published: Jan 9, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
62101
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20141201 CVE Request: Multiple XSS vulnerabilities in MantisBT
mailing-list
x_refsource_MLIST
https://www.mantisbt.org/bugs/view.php?id=17874
x_refsource_CONFIRM
[oss-security] 20141204 Re: CVE Request: Multiple XSS vulnerabilities in MantisBT
mailing-list
x_refsource_MLIST
[oss-security] 20141205 Re: CVE Request: Multiple XSS vulnerabilities in MantisBT
mailing-list
x_refsource_MLIST
https://github.com/mantisbt/mantisbt/commit/9fb8cf36f
x_refsource_CONFIRM
DSA-3120
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now