Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-28508 PoC — MantisBT 跨站脚本漏洞

Source
https://github.com/YavuzSahbaz/CVE-2022-28508
Associated Vulnerability
Title:MantisBT 跨站脚本漏洞 (CVE-2022-28508)
Description:MantisBT是Mantisbt团队的一套基于Web的开源缺陷跟踪系统。该系统以Web操作的形式提供项目管理及缺陷跟踪服务。 MantisBT 2.25.2之前版本存在安全漏洞,该漏洞源于browser_search_plugin.php中发现了跨站脚本攻击漏洞,return参数未转义输出。攻击者利用该漏洞将代码注入隐藏的输入字段。
Description
CVE-2022-28508
File Snapshot

 [4.0K]  /data/pocs/a7eb750cae878b978ecc0f69e4ab1a6dc5699296
└── [2.0K]  MantisBT 2.25.2 XSS vulnurability

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.