CVE-2017-7309

Published Mar 31, 2017

Last updated 3 months ago

CVSS medium 4.8

Overview

Description: A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 4.8
Impact score: 2.7
Exploitability score: 1.7
Vector string: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC65E660-1F4A-4040-8C4D-197BD9081E73"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF8D4B34-E00E-4137-8695-6C9C74980DC7"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62C8D0CC-FB77-43B5-8A50-7F5C462E9771"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29B09C56-E71E-4272-A47E-9CC530EEEA5F"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7323557C-F23F-4A83-ADAD-889E3C8B0C74"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11779871-2959-404C-A8A1-C35DACC3EC58"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6BB766F-D8E9-4D1A-A877-2BF75C1E0D05"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDEDA19B-58F9-4416-AF6A-8F1639D665CE"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26A1E879-1D21-418E-A72E-287C7E977714"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1519517-765C-4426-8C09-51EBD699EE2B"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B537D8BB-944B-4B92-B48D-0CA5A2D01372"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.0.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "541BD5B7-9F88-4B6A-A9D5-3BB182661EC8"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.0.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBD43A80-1179-426B-AF21-AE8B29CA1E86"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.0.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F39D6AB1-ECA5-4CE6-BBB3-570758AA715A"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.0.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5202AE86-61A0-4146-BB18-5CD4F38A880C"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.0.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A2965D7-794C-4451-9DB7-B5561B5E3254"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39492D12-1A13-43CE-84A7-F5CCFB87D612"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E6AF670-28C3-4D7E-9EB4-E0B366CE818E"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "021CC8F4-B310-4DBF-9D50-B8A357158E4D"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D73E7205-12E1-4C57-A120-91C4C0760305"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "262EC0CC-0716-4AED-9255-13288A297879"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2550F1FD-5104-4BAA-80F6-C6202D7326B4"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAFDE5FC-B891-4ACA-BCAB-83EB9D49C91F"
          },
          {
            "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F89D994-7F93-4839-8A57-F4CD633576E8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References