Candidate: CVE-2017-7241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7241
http://www.openwall.com/lists/oss-security/2017/03/30/4
http://openwall.com/lists/oss-security/2017/03/30/4
http://www.mantisbt.org/bugs/view.php?id=22568
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments
page (move_attachments_page.php, part of admin tools) allows remote
attackers to inject arbitrary code through a crafted 'type' parameter, if
Content Security Protection (CSP) settings allow it. This is fixed in
1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if
the admin tools directory is removed, as recommended in the
"Post-installation and upgrade tasks" of the MantisBT Admin Guide. A
reminder to do so is also displayed on the login page.
upstream_mantis: needs-triage
precise_mantis: ignored (reached end-of-life)
precise/esm_mantis: DNE (precise was needs-triage)
vivid/stable-phone-overlay_mantis: DNE
vivid/ubuntu-core_mantis: DNE