Published: 24/06/2022 Updated: 06/07/2022

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

An XSS vulnerability in MantisBT prior to 2.25.5 allows remote malicious users to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mantisbt mantisbt

GitHub for my GitBook : https://sharpforce.gitbook.io/cybersecurity/

🏠 Home myexpense-v12md La version 12 de MyExpense est maintenant disponible Il s'agit d'une mise à jour visant à améliorer le fonctionnement des scripts Selenium/Chrome qui simulent les utilisateurs de la plateforme L'adresse IP de la machine virtuelle est désormais également affichée au démarrage afin de

CWE-79 https://mantisbt.org/blog/archives/mantisbt/719 https://mantisbt.org/bugs/view.php?id=29135 https://mantisbt.org/bugs/view.php?id=30384 https://nvd.nist.gov https://github.com/Sharpforce/cybersecurity

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-33910

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect