Mantis MantisBT Bug Tracker adm_config_report.php move_attachments_page.php XSS (CVE-2017-7309)
Three cross-site scripting vulnerabilities exist in Mantis Bug Tracker (MantisBT). These vulnerabilities are due to insufficient input validation of the action, type and config_option HTTP parameters by adm_config_report.php and move_attachments_page.php. A remote attacker could exploit this vulnerability by enticing a target user to click on a specially crafted URL in an entry on the server.
from Check Point Update Services Advisories http://ift.tt/2t9iMfr
from Check Point Update Services Advisories http://ift.tt/2t9iMfr
Comments
Post a Comment