cvedb.io
CVE-2017-12062
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2017-08-01T15:29:00.593 · Last modified 2026-06-17T01:02:37.100

Summary

An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.

Affected products

mantisbt — mantisbt

Does this affect you?

Add your gear to cvedb and we'll alert you only when mantisbt ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.