CVE

Id
104042  
CVE No.
CVE-2017-7222  
Status
Candidate  
Description
A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT"s CSP settings permit it) by modifying "window_title" in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php).  
Phase
Assigned (20170322)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
807016 104042 CVE-2017-7222 CONFIRM:http://github.com/mantisbt/mantisbt/commit/a85b0b96c8ebe3e010d0d016cf88ab3c8bfc196a  View

Related JVN