Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities

Medium

Synopsis

The remote host is vulnerable to an HTML injection attack.

Description

The remote host appears to be running a vulnerable version of Mantis, a bug tracker web application written in PHP. Versions up to 0.18.0 and 0.19.0a1 are reported to be prone to multiple flaws that may allow a remote attacker to inject malicious HTML into web pages, to execute arbitrary code on the remote host, or to perform a mass mailing.

Solution

Upgrade to Mantis version 0.18.3 or 0.19.0a2 or higher.