An XSS issue exists in manage_user_page.php in MantisBT 2.x prior to 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote malicious users to execute arbitrary JavaScript code if CSP is disabled.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
mantisbt mantisbt 2.5.1 |
||
mantisbt mantisbt 2.3.3 |
||
mantisbt mantisbt 2.3.1 |
||
mantisbt mantisbt 2.2.1 |
||
mantisbt mantisbt 2.2.3 |
||
mantisbt mantisbt 2.5.0 |
||
mantisbt mantisbt 2.4.2 |
||
mantisbt mantisbt 2.4.1 |
||
mantisbt mantisbt 2.4.0 |
||
mantisbt mantisbt 2.2.4 |
||
mantisbt mantisbt 2.1.0 |
||
mantisbt mantisbt 2.1.1 |
||
mantisbt mantisbt 2.1.2 |
||
mantisbt mantisbt 2.1.3 |
||
mantisbt mantisbt 2.3.2 |
||
mantisbt mantisbt 2.3.0 |
||
mantisbt mantisbt 2.2.0 |
||
mantisbt mantisbt 2.2.2 |
Vulmon