
MantisBT 1.2.13 <= 1.2.19 XSS



The remote web server is hosting an outdated web application that is vulnerable to multiple cross-site scripting attacks.


The remote web server is hosting MantisBT, an open source bug tracking application written in PHP.

Versions of MantisBT 1.2.13 through 1.2.19 are affected by two cross-site scripting vulnerabilities in the 'adm_config_report.php' script due to a lack of user input sanitization. Specifically, the 'filter_config_id' parameter of the 'adm_config_report.php' script is affected. Additionally, user-supplied input is not checked for validity when form variable filters are saved and passed to the script. This could allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between the browser and server.
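The following is an added illustration of the defect class the advisory describes and of the fix pattern that removes it; it is not MantisBT's own code and does not reproduce the vulnerable script. Only the parameter name 'filter_config_id' and the script name come from the advisory; the function names, the markup and the lookup table of valid configuration ids are assumptions made for the example.

```php
<?php
// Illustrative example (not MantisBT code): a request parameter reflected
// into HTML without encoding, beside a hardened version that validates the
// value and encodes it on output. Everything except the parameter name
// 'filter_config_id' is an assumption for this example.

// Constructed input: whatever the client sends; nothing upstream limits it.
$untrusted = $_GET['filter_config_id'] ?? '';

// VULNERABLE pattern (defined for comparison, never called below): the raw
// value is concatenated into an attribute, so any markup it carries is
// rendered by the browser as part of the page.
function render_filter_unsafe(string $value): string
{
    return '<input type="text" name="filter_config_id" value="' . $value . '">';
}

// HARDENED pattern, two independent layers:
//  1. Validate: the parameter identifies a configuration entry, so accept
//     only a non-negative integer that is a known id; otherwise fall back
//     to "no filter" instead of reflecting the input.
//  2. Encode on output: htmlspecialchars() with ENT_QUOTES handles both
//     attribute and element context; the explicit charset avoids
//     encoding ambiguities.
function render_filter_safe(string $value, array $known_config_ids): string
{
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false || !in_array($id, $known_config_ids, true)) {
        $id = 0;
    }
    $encoded = htmlspecialchars((string) $id, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="filter_config_id" value="' . $encoded . '">';
}

// When a free-text value must be reflected (the advisory's second issue
// concerns saved form variable filters), output encoding alone is what
// keeps markup in the value from being interpreted.
function render_text_field_safe(string $name, string $value): string
{
    $n = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $v = htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="' . $n . '" value="' . $v . '">';
}

$known_config_ids = [0, 1, 2, 3]; // assumed set of valid config ids
echo render_filter_safe($untrusted, $known_config_ids), "\n";
echo render_text_field_safe('filter_value', $untrusted), "\n";
```

The validation step is the stronger control for an id-typed parameter, because a value that is not a known integer never reaches the output at all; the encoding step is still applied so that the page stays safe if the validation is later relaxed or bypassed.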


Upgrade to MantisBT 1.2.20 or later.