Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation
Vulnerability Description
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, when deleting a Tag (tag_delete.php), improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Version 2.28.1 fixes the issue. Workarounds include reverting commit d6890320752ecf37bd74d11fe14fe7dc12335be9 and/or manually editing language files to remove the sprintf placeholder `%1$s` from `$s_tag_delete_message` string.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Mantis Bug Tracker 跨站脚本漏洞
Vulnerability Description
Mantis Bug Tracker(MantisBT)是Mantis Bug Tracker开源的一个 bug 跟踪器。 Mantis Bug Tracker 2.28.0版本存在跨站脚本漏洞,该漏洞源于删除标签时名称转义不当,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A