CVE-2017-7222

Published: Mar 22, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://mantisbt.org/bugs/view.php?id=22266

x_refsource_CONFIRM

http://github.com/mantisbt/mantisbt/commit/a85b0b96c8ebe3e010d0d016cf88ab3c8bfc196a

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-7222

Description

Affected Products

References