Security Advisory

CVE-2019-15539

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-03-19 18:20:08

Last updated 2024-08-05 00:49:13

Assigner mitre

State PUBLISHED

Description

The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the documents page.

← Browse all CVEs View on cve.org ↗