A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote malicious users to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
mantisbt mantisbt 2.0.1 |
||
mantisbt mantisbt 2.1.0 |
||
mantisbt mantisbt 2.0.0 |
||
mantisbt mantisbt 1.3.7 |
||
mantisbt mantisbt 1.3.8 |
||
mantisbt mantisbt 2.2.1 |
||
mantisbt mantisbt 2.1.3 |
||
mantisbt mantisbt 1.3.5 |
||
mantisbt mantisbt 1.3.6 |
||
mantisbt mantisbt 2.1.1 |
||
mantisbt mantisbt 2.1.2 |
||
mantisbt mantisbt 1.3.1 |
||
mantisbt mantisbt 1.3.2 |
||
mantisbt mantisbt 1.3.9 |
||
mantisbt mantisbt 1.3.0 |
||
mantisbt mantisbt 2.2.2 |
||
mantisbt mantisbt 2.2.0 |
||
mantisbt mantisbt 1.3.3 |
||
mantisbt mantisbt 1.3.4 |
Vulmon