CVE-2014-9269

Published January 9th, 2015

View on NVD ↗

CVSS v3

N/A

CVSS v2

2.6

LOW

Affected

PROJECT

Description

Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.

mantisbt/mantisbt

Mantis Bug Tracker (MantisBT)

GitHub

1.78K