CVE-2018-16514

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-16514

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16514.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-16514

Aliases

GHSA-3qv7-98vm-xx2v

Published

2019-06-20T14:15:10.813Z

Modified

2026-04-10T04:06:46.484308Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A cross-site scripting (XSS) vulnerability in the View Filters page (viewfilterspage.php) and Edit Filter page (managefiltereditpage.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATHINFO. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-13055.

References

https://mantisbt.org/bugs/view.php?id=24731

Affected packages

Git / github.com/mantisbt/mantisbt

Affected ranges

Type

GIT

Repo

https://github.com/mantisbt/mantisbt

Events

Introduced

9f117fd951fbde716077b1453e0ecba9dbdc588a

Last affected

c6b2dd5b9e8b2f57b01a978a018e879269707be5

Database specific

{
    "versions": [
        {
            "introduced": "2.1.0"
        },
        {
            "last_affected": "2.17.0"
        }
    ]
}

Affected versions

release-2.*

release-2.1.0

release-2.10.0

release-2.11.0

release-2.12.0

release-2.13.0

release-2.14.0

release-2.15.0

release-2.16.0

release-2.17.0

release-2.2.0

release-2.3.0

release-2.4.0

release-2.5.0

release-2.6.0

release-2.7.0

release-2.8.0

release-2.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16514.json"