Back to search
CVE-2018-14504
Published: Aug 3, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)').
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://mantisbt.org/bugs/view.php?id=24608
x_refsource_CONFIRM
https://mantisbt.org/blog/archives/mantisbt/602
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now