CVE-2014-9272 in MantisBTजानकारी

सारांश

द्वारा MITRE

The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

आरक्षित करना

04/12/2014

प्रकटीकरण

09/01/2015

प्रविष्टि

VDB-73541

EPSS

0.01995

गतिविधियाँ

बहुत कम

क्षेत्र

Pharma, Finance, ...

स्रोत

Do you know our Splunk app?

Download it now for free!