CVE-2014-8986 in MantisBTinfo

Summary

Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted config option, a different vulnerability than CVE-2014-8987.

Reservation

11/19/2014

Disclosure

11/24/2014

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
72981MantisBT adm_config_report.php cross site scripting79Not definedOfficial fixCVE-2014-8986

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!