An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
References
Link | Resource |
---|---|
https://mantisbt.org/blog/archives/mantisbt/699 | Release Notes Vendor Advisory |
https://mantisbt.org/bugs/view.php?id=28552 | Exploit Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-06-17T18:14:52
Updated: 2021-06-17T18:14:52
Reserved: 2021-05-24T00:00:00
Link: CVE-2021-33557
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-06-17T19:15:07.967
Modified: 2021-06-21T13:27:28.850
Link: CVE-2021-33557
JSON object: View
Redhat Information
No data.
CWE