CVE-2017-7897 in MantisBTinfo

Summary

A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted URL parameter, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

04/18/2017

Disclosure

04/18/2017

Moderation

VulDB entry created

Entries

VDB-99940 (1)

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

5.2

EPSS

0.00251

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-7897
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-7897
CVE Details	https://www.cvedetails.com/cve/CVE-2017-7897/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!