CVE-2014-9272

Published January 9th, 2015

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.

mantisbt/mantisbt

Mantis Bug Tracker (MantisBT)

GitHub

1.78K