Shodan
Vulnerabilities
Vulnerable Software
Mantisbt:  >> Mantisbt  >> 1.3.3  Security Vulnerabilities
CVE-2017-7309
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3.
CVSS Score
4.8
EPSS Score
0.025
Published
2017-03-31
CVE-2017-7222
A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php).
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-22
CVE-2017-6799
A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter.
CVSS Score
6.1
EPSS Score
0.007
Published
2017-03-10
CVE-2017-6797
A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter.
CVSS Score
6.1
EPSS Score
0.008
Published
2017-03-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved