Vulnerabilities > Mantisbt > Mantisbt > 2.2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-31 | CVE-2017-7241 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. | 3.5 |