CVE-2017-6973

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-6973

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6973.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-6973

Aliases

GHSA-v7qf-22rw-chph

Published

2017-03-31T04:59:00.220Z

Modified

2026-04-10T04:00:46.601314Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (admconfigreport.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.

References

Affected packages

Git / github.com/mantisbt/mantisbt

Affected ranges

Type

GIT

Repo

https://github.com/mantisbt/mantisbt

Events

Introduced

Last affected

29d359f6ed26902bf8a45e21124f00b3fad3b95c

Introduced

Last affected

f4683bd1b2390174b4bbf6159c59ca92d2365485

Introduced

Last affected

5ee1976ce32ba01ab946e728d750161cc3dbdfa2

Introduced

Last affected

81ce69ccbbba1262e5e6d11ca36d6a26b46821ae

Introduced

Last affected

abf2982786ff44e8837374d6c80afcaffa92e170

Introduced

Last affected

0469fd5e6b5c043205015bb438638728068d35e0

Introduced

Last affected

c1d3abba777aa8d208b4119ff52de040ed59f578

Introduced

Last affected

ec7c8146c23e0630aaa933b057425eae1f5726d3

Introduced

Last affected

792b01007ddd972855598eb1654f718f1aad14b0

Introduced

Last affected

ac51f2a22377ec1cef40ae53048327d7ab2df33e

Introduced

Last affected

6aae5cbd3ced0df0bb165bfe67295a4ea27e58b5

Introduced

Last affected

9f117fd951fbde716077b1453e0ecba9dbdc588a

Introduced

Last affected

4d317bf6c92a2cf32644286b5f49b6c34988d973

Introduced

Last affected

67edb2ce5d720c28ebac4acf1d9d6f990c4eff99

Introduced

Last affected

d4d0e851fbf2ec38532e045d2acec22b0e544f53

Introduced

Last affected

b77f7b5783e270066cdf10dae36f6241ac1591c3

Introduced

Last affected

1abcbc10ea82aa36c2f2c2f38f43343d013749c4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.1"
        }
    ]
}

Affected versions

release-1.*

release-1.2.0a1

release-1.2.0a2

release-1.2.0a3

release-1.2.0rc1

release-1.3.0

release-1.3.0-beta.1

release-1.3.0-beta.2

release-1.3.0-beta.3

release-1.3.0-rc.1

release-1.3.0-rc.2

release-1.3.1

release-1.3.2

release-1.3.3

release-1.3.4

release-1.3.5

release-1.3.6

release-1.3.7

release-1.3.8

release-1.3.9

release-2.*

release-2.0.0

release-2.0.0-beta.1

release-2.0.0-beta.2

release-2.0.0-beta.3

release-2.0.0-rc.1

release-2.0.0-rc.2

release-2.0.1

release-2.1.0

release-2.1.1

release-2.1.2

release-2.1.3

release-2.2.0

release-2.2.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6973.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.3.0-rc2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.0.0-beta1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.0.0-beta2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.0.0-beta3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.0.0-rc1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.0.0-rc2"
            }
        ]
    }
]