CVE-2022-28508 PoC — MantisBT 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-28508.yaml

Associated Vulnerability

Title:MantisBT 跨站脚本漏洞 (CVE-2022-28508)
Description:MantisBT是Mantisbt团队的一套基于Web的开源缺陷跟踪系统。该系统以Web操作的形式提供项目管理及缺陷跟踪服务。 MantisBT 2.25.2之前版本存在安全漏洞，该漏洞源于browser_search_plugin.php中发现了跨站脚本攻击漏洞，return参数未转义输出。攻击者利用该漏洞将代码注入隐藏的输入字段。

Description

MantisBT before 2.25.2 contains a cross-site scripting vulnerability in browser_search_plugin.php. The application does not properly sanitize the 'type' parameter, which allows attackers to inject arbitrary web script or HTML via a crafted URL.

File Snapshot


 id: CVE-2022-28508

info:
  name: MantisBT < 2.25.2 - Cross-Site Scripting
  author: ritikchaddha
  

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!