Security Advisory
CVE-2021-43257
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel.