A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT prior to 1.3.7 and 2.x prior to 2.2.1 allows remote malicious users to inject arbitrary JavaScript via the 'action_type' parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mantisbt mantisbt |