CVE-2017-12062

Publication date

2017-08-01 15:00:00

Family

mitre

State

PUBLISHED

Description

An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The filter field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.