CVE-2017-6797

Published: Mar 10, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/mantisbt/mantisbt/commit/a2d90ecabf3bcf3aa22ed9dbbecfd3d37902956f

x_refsource_CONFIRM

1037978

vdb-entry

x_refsource_SECTRACK

http://www.mantisbt.org/bugs/view.php?id=22486

x_refsource_CONFIRM

96818

vdb-entry

x_refsource_BID

https://github.com/mantisbt/mantisbt/commit/c272c3f65da9677e505ff692b1f1e476b3afa56e

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2017/03/10/1

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-6797

Description

Affected Products

References