The Timeline feature in ... CVE-2019-15074

6.8 AV AC AU C I A
Published: 2019-08-21
Revised: 2019-09-10

The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the issue, whenever My View Page is displayed.

0%
No exploit or PoC currently available
19 affected product entries currently listed