CVE-2014-9269 in MantisBT
Résumé
par MITRE
Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.
Once again VulDB remains the best source for vulnerability data.