Vulnerability Details CVE-2016-5364
Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.openwall.com/lists/oss-security/2016/06/11/5
- https://github.com/mantisbt/mantisbt/commit/11ab3d6c82a1d3a89b1024f77349fb60a83743c5
- https://github.com/mantisbt/mantisbt/commit/5068df2dcf79c34741c746c9b27e0083f2a374da
- https://mantisbt.org/bugs/view.php?id=20956
- http://www.openwall.com/lists/oss-security/2016/06/11/5
- https://github.com/mantisbt/mantisbt/commit/11ab3d6c82a1d3a89b1024f77349fb60a83743c5
- https://github.com/mantisbt/mantisbt/commit/5068df2dcf79c34741c746c9b27e0083f2a374da
- https://mantisbt.org/bugs/view.php?id=20956
Products affected by CVE-2016-5364
-
cpe:2.3:a:mantisbt:mantisbt:-
-
cpe:2.3:a:mantisbt:mantisbt:0.18.0
-
cpe:2.3:a:mantisbt:mantisbt:0.19.0
-
cpe:2.3:a:mantisbt:mantisbt:0.19.1
-
cpe:2.3:a:mantisbt:mantisbt:0.19.2
-
cpe:2.3:a:mantisbt:mantisbt:0.19.3
-
cpe:2.3:a:mantisbt:mantisbt:0.19.4
-
cpe:2.3:a:mantisbt:mantisbt:0.19.5
-
cpe:2.3:a:mantisbt:mantisbt:1.0.0
-
cpe:2.3:a:mantisbt:mantisbt:1.0.1
-
cpe:2.3:a:mantisbt:mantisbt:1.0.2
-
cpe:2.3:a:mantisbt:mantisbt:1.0.3
-
cpe:2.3:a:mantisbt:mantisbt:1.0.4
-
cpe:2.3:a:mantisbt:mantisbt:1.0.5
-
cpe:2.3:a:mantisbt:mantisbt:1.0.6
-
cpe:2.3:a:mantisbt:mantisbt:1.0.7
-
cpe:2.3:a:mantisbt:mantisbt:1.0.8
-
cpe:2.3:a:mantisbt:mantisbt:1.0.9
-
cpe:2.3:a:mantisbt:mantisbt:1.1.0
-
cpe:2.3:a:mantisbt:mantisbt:1.1.1
-
cpe:2.3:a:mantisbt:mantisbt:1.1.2
-
cpe:2.3:a:mantisbt:mantisbt:1.1.3
-
cpe:2.3:a:mantisbt:mantisbt:1.1.4
-
cpe:2.3:a:mantisbt:mantisbt:1.1.5
-
cpe:2.3:a:mantisbt:mantisbt:1.1.6
-
cpe:2.3:a:mantisbt:mantisbt:1.1.7
-
cpe:2.3:a:mantisbt:mantisbt:1.1.8
-
cpe:2.3:a:mantisbt:mantisbt:1.1.9
-
cpe:2.3:a:mantisbt:mantisbt:1.2.0
-
cpe:2.3:a:mantisbt:mantisbt:1.2.1
-
cpe:2.3:a:mantisbt:mantisbt:1.2.10
-
cpe:2.3:a:mantisbt:mantisbt:1.2.11
-
cpe:2.3:a:mantisbt:mantisbt:1.2.12
-
cpe:2.3:a:mantisbt:mantisbt:1.2.13
-
cpe:2.3:a:mantisbt:mantisbt:1.2.14
-
cpe:2.3:a:mantisbt:mantisbt:1.2.15
-
cpe:2.3:a:mantisbt:mantisbt:1.2.16
-
cpe:2.3:a:mantisbt:mantisbt:1.2.17
-
cpe:2.3:a:mantisbt:mantisbt:1.2.18
-
cpe:2.3:a:mantisbt:mantisbt:1.2.19
-
cpe:2.3:a:mantisbt:mantisbt:1.2.2
-
cpe:2.3:a:mantisbt:mantisbt:1.2.3
-
cpe:2.3:a:mantisbt:mantisbt:1.2.4
-
cpe:2.3:a:mantisbt:mantisbt:1.2.5
-
cpe:2.3:a:mantisbt:mantisbt:1.2.6
-
cpe:2.3:a:mantisbt:mantisbt:1.2.7
-
cpe:2.3:a:mantisbt:mantisbt:1.2.8
-
cpe:2.3:a:mantisbt:mantisbt:1.2.9