CVE-2017-7309

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-7309
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7309.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-7309
Aliases
Published
2017-03-31T04:59:00Z
Modified
2025-06-09T22:42:04.946067Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (admconfigreport.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3.

References

Affected packages

Git / github.com/mantisbt/mantisbt

Affected ranges

Type
GIT
Repo
https://github.com/mantisbt/mantisbt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0469fd5e6b5c043205015bb438638728068d35e0
Last affected
1abcbc10ea82aa36c2f2c2f38f43343d013749c4
Last affected
29d359f6ed26902bf8a45e21124f00b3fad3b95c
Last affected
4d317bf6c92a2cf32644286b5f49b6c34988d973
Last affected
5e95a5db5f445ec39868b341a73416a8f9008c35
Last affected
5ee1976ce32ba01ab946e728d750161cc3dbdfa2
Last affected
67edb2ce5d720c28ebac4acf1d9d6f990c4eff99
Last affected
6aae5cbd3ced0df0bb165bfe67295a4ea27e58b5
Last affected
792b01007ddd972855598eb1654f718f1aad14b0
Last affected
81ce69ccbbba1262e5e6d11ca36d6a26b46821ae
Last affected
9f117fd951fbde716077b1453e0ecba9dbdc588a
Last affected
abf2982786ff44e8837374d6c80afcaffa92e170
Last affected
ac51f2a22377ec1cef40ae53048327d7ab2df33e
Last affected
b77f7b5783e270066cdf10dae36f6241ac1591c3
Last affected
c1d3abba777aa8d208b4119ff52de040ed59f578
Last affected
d4d0e851fbf2ec38532e045d2acec22b0e544f53
Last affected
ec7c8146c23e0630aaa933b057425eae1f5726d3
Last affected
f4683bd1b2390174b4bbf6159c59ca92d2365485

Affected versions

release-1.*

release-1.2.0a1
release-1.2.0a2
release-1.2.0a3
release-1.2.0rc1
release-1.3.0
release-1.3.0-beta.1
release-1.3.0-beta.2
release-1.3.0-beta.3
release-1.3.0-rc.1
release-1.3.0-rc.2
release-1.3.1
release-1.3.2
release-1.3.3
release-1.3.4
release-1.3.5
release-1.3.6