Bug ID: 1051698
Summary: VUL-0: CVE-2017-12062: mantis,mantisbt: XSS in manage_user_page.php
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: 3rd party software
Assignee: astieger@suse.com
Reporter: astieger@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2017-12062: XSS in manage_user_page.php

A cross-site scripting (XSS) vulnerability in the MantisBT
Manage User page allows remote attackers to inject arbitrary code (if
CSP settings permit it) through a crafted 'filter' parameter.

Affected versions: 2.1.0 through 2.5.1
Fixed in versions: 2.5.2, 2.6.0 (not yet released*)

Patch:
https://github.com/mantisbt/mantisbt/commit/9b5b71dadbeeeec27efea59f562ac5bd6d2673b7

Credits:
- Reported by Trí Chim Trích (https://twitter.com/trichimtrich)
- Fixed by Roland Becker (MantisBT Developer)

References:
- MantisBT issue tracker http://www.mantisbt.org/bugs/view.php?id=23166


* Releases 1.3.12, 2.5.2 and 2.6.0 are scheduled for release in the
coming week.

