A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-13055.
References
Link | Resource |
---|---|
https://mantisbt.org/bugs/view.php?id=24731 | Exploit Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-06-20T13:18:36
Updated: 2019-06-20T13:18:36
Reserved: 2018-09-05T00:00:00
Link: CVE-2018-16514
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-06-20T14:15:10.813
Modified: 2019-06-21T16:12:17.273
Link: CVE-2018-16514
JSON object: View
Redhat Information
No data.
CWE