Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MantisBT 跨站脚本漏洞
Vulnerability Description
MantisBT是MantisBT团队的一套基于Web的开源缺陷跟踪系统。该系统以Web操作的形式提供项目管理及缺陷跟踪服务。 MantisBT 2.5.2之前的2.x版本和1.3.12之前的版本中的admin/install.php文件存在跨站脚本漏洞,该漏洞源于在输出之前,程序没有正确的过滤变量。远程攻击者可利用该漏洞注入任意的JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A