MantisBT.Adm.Config.Report.And.Move.Attachments.XSS

description-logoDescription

This indicates an attack attempt to exploit a Cross-Site Scripting vulnerability in Mantis Bug Tracker.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling a crafted HTTP request. A remote attacker can exploit this to execute arbitrary script code within the context of the user's browser.

affected-products-logoAffected Products

Mantis MantisBT 1.3.x prior to 1.3.9
Mantis MantisBT 2.1.x prior to 2.1.3
Mantis MantisBT 2.2.x prior to 2.2.3

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser

recomended-action-logoRecommended Actions

Apply patch available from the website.
http://www.mantisbt.org/bugs/view.php?id=22579

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)