Description
Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
References (5)
Core 5
Core References
Various Sources x_refsource_confirm
http://www.mantisbt.org/bugs/view.php?id=16513
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/98823
Exploit, Patch x_refsource_confirm
https://github.com/mantisbt/mantisbt/commit/0002d106a6cd35cb0a6fe03246531a4e3f32c9d0#diff-4122320b011a3291cd45da074a867076
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q4/168
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55305
Scores
EPSS
0.0021
EPSS Percentile
42.8%
Details
CWE
CWE-79
Status
published
Products (30)
mantisbt/mantisbt
1.0.0 (9 CPE variants)
mantisbt/mantisbt
1.0.1
mantisbt/mantisbt
1.0.2
mantisbt/mantisbt
1.0.3
mantisbt/mantisbt
1.0.4
mantisbt/mantisbt
1.0.5
mantisbt/mantisbt
1.0.6
mantisbt/mantisbt
1.0.7
mantisbt/mantisbt
1.0.8
mantisbt/mantisbt
1.0.9
... and 20 more
Published
Jan 10, 2014
Tracked Since
Feb 18, 2026