GHSA-gcqw-45xq-xc63

Source

https://github.com/advisories/GHSA-gcqw-45xq-xc63

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gcqw-45xq-xc63/GHSA-gcqw-45xq-xc63.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-gcqw-45xq-xc63

Aliases

CVE-2018-17783

Published

2022-05-14T01:52:00Z

Modified

2025-05-30T15:13:33.559020Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

MantisBT allows XSS via Edit Filter page

Details

A cross-site scripting (XSS) vulnerability in the Edit Filter page (managefilteredit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.

Database specific

{
    "github_reviewed_at": "2025-05-30T14:36:34Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "nvd_published_at": "2018-10-30T18:29:00Z",
    "severity": "MODERATE",
    "github_reviewed": true
}

References

Affected packages

Packagist / mantisbt/mantisbt

Package

Name: mantisbt/mantisbt
Purl: pkg:composer/mantisbt/mantisbt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.17.2

Affected versions

2.*

2.3.0

2.3.1

2.3.2

2.3.3

2.4.0

2.4.1

2.4.2

2.5.0

2.5.1

2.5.2

2.6.0

2.7.0

2.7.1

2.8.0

2.8.1

2.9.0

2.9.1

2.10.0

2.10.1

2.11.0

2.11.1

2.12.0

2.12.1

2.12.2

2.13.0

2.13.1

2.13.2

2.14.0

2.15.0

2.15.1

2.16.0

2.16.1

2.17.0

2.17.1