Date: Fri, 17 Mar 2017 09:08:39 +0100
From: Damien Regad <>
Subject: Advisory: XSS in MantisBT Source Integration Plugin (CVE-2017-6958)

A cross-site scripting (XSS) vulnerability in the MantisBT Source
Integration plugin search result page allows remote attackers to inject
arbitrary HTML or JavaScript (the latter, only if MantisBT's CSP settings
permit it) by crafting any valid parameter.

Affected versions: 2.0.0-beta.1 through 2.0.1
Fixed in versions: 2.0.2 (released 2017-03-16)


Reported by Dmitry Ivanov (d1m0ck)
Fixed by Damien Regad

- Initial report
- Issue tracker
- Release

