CVSS Base Vector:
This host is installed with MantisBT and is
prone to a cross-site-scripting vulnerability.
Checks if a vulnerable version is present on the target host.
The flaw is due to:
- An input validation error for PATH_INFO in the View Filters page
- An input validation error in the Edit Filter page(manage_filter_edit_page.php).
Successful exploitation will allow remote
attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.
NOTE: This vulnerability exists because of an incomplete fix for CVE-2018-13055.
MantisBT version 2.1.0 through 2.17.0.
Upgrade to MantisBT version 2.17.1 or later. Please see the references for more information.
Remote Banner Unreliable
Web application abuses
Find and Fix this Vulnerability:
Mageni can help you to find out if you have this or more vulnerabilities exposing you to hackers, ransomware and malware: Download Mageni's Free Edition
NVD CVE ID: