Back to search
CVE-2017-7897
Published: Apr 18, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.mantisbt.org/bugs/view.php?id=22742
x_refsource_CONFIRM
1038278
vdb-entry
x_refsource_SECTRACK
https://github.com/mantisbt/mantisbt/pull/1094
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now