CVE-2017-6973
Published Mar 31, 2017
Last updated 7 years ago
Overview
- Description
- A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 4.8
- Impact score
- 2.7
- Exploitability score
- 1.7
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC65E660-1F4A-4040-8C4D-197BD9081E73" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF8D4B34-E00E-4137-8695-6C9C74980DC7" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62C8D0CC-FB77-43B5-8A50-7F5C462E9771" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29B09C56-E71E-4272-A47E-9CC530EEEA5F" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7323557C-F23F-4A83-ADAD-889E3C8B0C74" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11779871-2959-404C-A8A1-C35DACC3EC58" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6BB766F-D8E9-4D1A-A877-2BF75C1E0D05" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDEDA19B-58F9-4416-AF6A-8F1639D665CE" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26A1E879-1D21-418E-A72E-287C7E977714" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1519517-765C-4426-8C09-51EBD699EE2B" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B537D8BB-944B-4B92-B48D-0CA5A2D01372" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.0.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "541BD5B7-9F88-4B6A-A9D5-3BB182661EC8" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.0.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBD43A80-1179-426B-AF21-AE8B29CA1E86" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.0.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F39D6AB1-ECA5-4CE6-BBB3-570758AA715A" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5202AE86-61A0-4146-BB18-5CD4F38A880C" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.0.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A2965D7-794C-4451-9DB7-B5561B5E3254" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39492D12-1A13-43CE-84A7-F5CCFB87D612" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E6AF670-28C3-4D7E-9EB4-E0B366CE818E" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "021CC8F4-B310-4DBF-9D50-B8A357158E4D" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D73E7205-12E1-4C57-A120-91C4C0760305" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "262EC0CC-0716-4AED-9255-13288A297879" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2550F1FD-5104-4BAA-80F6-C6202D7326B4" }, { "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAFDE5FC-B891-4ACA-BCAB-83EB9D49C91F" } ], "operator": "OR" } ] } ]