← Back

CVE-2017-6973

nvd nist
Published: Mar 31, 2017Modified: May 13, 2026

JSON object

Loading...
4.8
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 / Impact: 2.7
Source: NVD

Description

A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.

Affected (23)

Products: Mantisbt: Mantisbt
Mantisbt
1 product
Mantisbt
Configuration A
23 vulnerable
Vulnerable SoftwareAffected Versions
Mantisbt
Mantisbt
Version 1.3.0 rc2
Mantisbt
Version 1.3.1
Mantisbt
Version 1.3.2
Mantisbt
Version 1.3.3
Mantisbt
Version 1.3.4
Mantisbt
Version 1.3.5
Mantisbt
Version 1.3.6
Mantisbt
Version 1.3.7
Mantisbt
Version 1.3.8
Mantisbt
Version 1.3.9
Mantisbt
Version 2.0.0
Mantisbt
Version 2.0.0 beta1
Mantisbt
Version 2.0.0 beta2
Mantisbt
Version 2.0.0 beta3
Mantisbt
Version 2.0.0 rc1
Mantisbt
Version 2.0.0 rc2
Mantisbt
Version 2.0.1
Mantisbt
Version 2.1.0
Mantisbt
Version 2.1.1
Mantisbt
Version 2.1.2
Mantisbt
Version 2.1.3
Mantisbt
Version 2.2.0
Mantisbt
Version 2.2.1

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

Source: cve@mitre.org
Mailing ListPatchThird Party Advisory
Source: cve@mitre.org
ExploitPatchVendor Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.