MantisBT 1.2.x prior to 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.
Vulnerable Product |
---|
mantisbt mantisbt |