Mantis 1.2.x < 1.2.2 Cross-Site Scripting Vulnerability

High

Synopsis

The remote web server is hosting a web application that is vulnerable to a cross-site scripting attack.

Description

The remote web server is hosting Mantis, an open source bug tracking application written in PHP. Versions of Mantis 1.2.x are potentially affected by a cross-site scripting vulnerability. The application does not properly validate inline attachments before rendering them. An attacker exploiting this flaw could execute arbitrary script code in a user's browser.

Solution

Upgrade to Mantis 1.2.2 or later.