CVE-2018-17783

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-17783

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17783.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-17783

Aliases

GHSA-gcqw-45xq-xc63

Published

2018-10-30T18:29:00Z

Modified

2025-05-30T15:13:33.559020Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A cross-site scripting (XSS) vulnerability in the Edit Filter page (managefilteredit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.

References

Affected packages

Git / github.com/mantisbt/mantisbt

Affected ranges

Type: GIT
Repo: https://github.com/mantisbt/mantisbt
Events: Introduced

9f117fd951fbde716077b1453e0ecba9dbdc588a

Last affected

8182808598343c282db6f9c630d462070c54bf98

Affected versions

release-1.*

release-1.3.6

release-2.*

release-2.1.0

release-2.1.1

release-2.10.0

release-2.11.0

release-2.12.0

release-2.13.0

release-2.13.1

release-2.14.0

release-2.15.0

release-2.16.0

release-2.17.0

release-2.17.1

release-2.2.0

release-2.2.1

release-2.2.2

release-2.3.0

release-2.3.1

release-2.3.2

release-2.4.0

release-2.4.1

release-2.5.0

release-2.5.1

release-2.6.0

release-2.7.0

release-2.8.0

release-2.9.0