Vulnerabilities > Mantisbt > Mantisbt > 2.1.1

DATE CVE VULNERABILITY TITLE RISK
2017-03-31 CVE-2017-7241 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it.
network
mantisbt CWE-79
3.5
3.5
2017-03-31 CVE-2017-6973 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter.
network
mantisbt CWE-79
3.5
3.5
2017-03-10 CVE-2017-6799 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter.
network
mantisbt CWE-79
4.3
4.3
2017-03-10 CVE-2017-6797 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter.
network
mantisbt CWE-79
4.3
4.3