Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter.
References
Link | Resource |
---|---|
https://mantisbt.org/bugs/view.php?id=20956 | Exploit Patch Vendor Advisory |
https://github.com/mantisbt/mantisbt/commit/5068df2dcf79c34741c746c9b27e0083f2a374da | Patch |
https://github.com/mantisbt/mantisbt/commit/11ab3d6c82a1d3a89b1024f77349fb60a83743c5 | Patch |
http://www.openwall.com/lists/oss-security/2016/06/11/5 | Mailing List Patch Third Party Advisory |
Configurations
Information
Published : 2017-02-17 09:59
Updated : 2017-02-22 09:49
NVD link : CVE-2016-5364
Mitre link : CVE-2016-5364
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
mantisbt
- mantisbt