CVE-2017-7241

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-7241
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7241.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-7241
Aliases
Published
2017-03-31T04:59:00.250Z
Modified
2026-03-14T09:24:02.943191Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (moveattachmentspage.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools directory is removed, as recommended in the "Post-installation and upgrade tasks" of the MantisBT Admin Guide. A reminder to do so is also displayed on the login page.

References

Affected packages

Git / github.com/mantisbt/mantisbt

Affected ranges

Type
GIT
Repo
https://github.com/mantisbt/mantisbt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7ab63938f1884bd905984a959200da1be2727bc4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
687aa3afcf05853a15ef91a57b2c6d68f40cfaac
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5616fcf7cb35b6f035e0ec73654295fd5d80e80c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b99755ca58e34d137e55687467f2cfd51d1f7c1a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
45df5c0e9aa579b54b7ca390a74c9495ea4df311
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
29d359f6ed26902bf8a45e21124f00b3fad3b95c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f4683bd1b2390174b4bbf6159c59ca92d2365485
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5ee1976ce32ba01ab946e728d750161cc3dbdfa2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
81ce69ccbbba1262e5e6d11ca36d6a26b46821ae
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
abf2982786ff44e8837374d6c80afcaffa92e170
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0469fd5e6b5c043205015bb438638728068d35e0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c1d3abba777aa8d208b4119ff52de040ed59f578
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ec7c8146c23e0630aaa933b057425eae1f5726d3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
792b01007ddd972855598eb1654f718f1aad14b0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ac51f2a22377ec1cef40ae53048327d7ab2df33e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6aae5cbd3ced0df0bb165bfe67295a4ea27e58b5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9f117fd951fbde716077b1453e0ecba9dbdc588a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4d317bf6c92a2cf32644286b5f49b6c34988d973
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
67edb2ce5d720c28ebac4acf1d9d6f990c4eff99
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d4d0e851fbf2ec38532e045d2acec22b0e544f53
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b77f7b5783e270066cdf10dae36f6241ac1591c3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1abcbc10ea82aa36c2f2c2f38f43343d013749c4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5e95a5db5f445ec39868b341a73416a8f9008c35
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a954bbdc7e53b98dcac51fcf8bc6cb41deaa0028
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0c6dde3dea2ea43d1d38f72f44834436c6dd4d74
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2.16"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2.17"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2.18"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2.19"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2.20"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.0"
        }
    ]
}

Affected versions

release-1.*
release-1.2.0a1
release-1.2.0a2
release-1.2.0a3
release-1.2.0rc1
release-1.3.0
release-1.3.0-beta.1
release-1.3.0-beta.2
release-1.3.0-beta.3
release-1.3.0-rc.1
release-1.3.0-rc.2
release-1.3.1

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.3.0-beta1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.3.0-beta2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.3.0-beta3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.3.0-rc1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.3.0-rc2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.0.0-beta1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.0.0-beta2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.0.0-beta3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.0.0-rc1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.0.0-rc2"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7241.json"