CVE-2018-14504

An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)').

Published: 2018-08-03 18:29
Updated: 2018-10-02 20:20

CVSS Score: 4.3 / 10

Vendor Product Version URI
Mantisbt Mantisbt 2.0.0 cpe:/a:mantisbt:mantisbt:2.0.0:beta1
Mantisbt Mantisbt 2.0.0 cpe:/a:mantisbt:mantisbt:2.0.0:beta2
Mantisbt Mantisbt 2.0.0 cpe:/a:mantisbt:mantisbt:2.0.0:beta3
Mantisbt Mantisbt 2.0.0 cpe:/a:mantisbt:mantisbt:2.0.0:rc1
Mantisbt Mantisbt 2.0.0 cpe:/a:mantisbt:mantisbt:2.0.0:rc2
Mantisbt Mantisbt 2.0.1 cpe:/a:mantisbt:mantisbt:2.0.1
Mantisbt Mantisbt 2.1.0 cpe:/a:mantisbt:mantisbt:2.1.0
Mantisbt Mantisbt 2.1.1 cpe:/a:mantisbt:mantisbt:2.1.1
Mantisbt Mantisbt 2.1.2 cpe:/a:mantisbt:mantisbt:2.1.2
Mantisbt Mantisbt 2.1.3 cpe:/a:mantisbt:mantisbt:2.1.3
Mantisbt Mantisbt 2.2.0 cpe:/a:mantisbt:mantisbt:2.2.0
Mantisbt Mantisbt 2.2.1 cpe:/a:mantisbt:mantisbt:2.2.1
Mantisbt Mantisbt 2.2.2 cpe:/a:mantisbt:mantisbt:2.2.2
Mantisbt Mantisbt 2.2.3 cpe:/a:mantisbt:mantisbt:2.2.3
Mantisbt Mantisbt 2.2.4 cpe:/a:mantisbt:mantisbt:2.2.4
Mantisbt Mantisbt 2.3.0 cpe:/a:mantisbt:mantisbt:2.3.0
Mantisbt Mantisbt 2.3.1 cpe:/a:mantisbt:mantisbt:2.3.1
Mantisbt Mantisbt 2.3.2 cpe:/a:mantisbt:mantisbt:2.3.2
Mantisbt Mantisbt 2.3.3 cpe:/a:mantisbt:mantisbt:2.3.3
Mantisbt Mantisbt 2.4.0 cpe:/a:mantisbt:mantisbt:2.4.0
Mantisbt Mantisbt 2.4.1 cpe:/a:mantisbt:mantisbt:2.4.1
Mantisbt Mantisbt 2.4.2 cpe:/a:mantisbt:mantisbt:2.4.2
Mantisbt Mantisbt 2.5.0 cpe:/a:mantisbt:mantisbt:2.5.0
Mantisbt Mantisbt 2.5.1 cpe:/a:mantisbt:mantisbt:2.5.1

CWE

ID: CWE-79
Name: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

History of changes

Date Event
2018-10-02 20:20
2018-08-03 18:29 New CVE