Lookup for vulnerable packages by Package URL.

Purl pkg:composer/mantisbt/mantisbt@2.5.2
Type composer
Namespace mantisbt
Name mantisbt
Version 2.5.2
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.15.1
Latest_non_vulnerable_version 2.27.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-gnd3-529f-ube6
vulnerability_id VCID-gnd3-529f-ube6
summary
MantisBT XSS allows unsanitized input via admin/install.php
An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP.
references
0
reference_url https://github.com/mantisbt/mantisbt
reference_id
reference_type
scores
url https://github.com/mantisbt/mantisbt
1
reference_url https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0
reference_id
reference_type
scores
url https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0
2
reference_url https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5
reference_id
reference_type
scores
url https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5
3
reference_url https://mantisbt.org/bugs/view.php?id=23146
reference_id
reference_type
scores
url https://mantisbt.org/bugs/view.php?id=23146
4
reference_url https://web.archive.org/web/20170811053146/http://www.securitytracker.com/id/1039030
reference_id
reference_type
scores
url https://web.archive.org/web/20170811053146/http://www.securitytracker.com/id/1039030
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12061
reference_id CVE-2017-12061
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-12061
6
reference_url https://github.com/advisories/GHSA-98xr-mmq5-vc5h
reference_id GHSA-98xr-mmq5-vc5h
reference_type
scores
url https://github.com/advisories/GHSA-98xr-mmq5-vc5h
fixed_packages
0
url pkg:composer/mantisbt/mantisbt@1.3.12
purl pkg:composer/mantisbt/mantisbt@1.3.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@1.3.12
1
url pkg:composer/mantisbt/mantisbt@2.5.2
purl pkg:composer/mantisbt/mantisbt@2.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.5.2
aliases CVE-2017-12061, GHSA-98xr-mmq5-vc5h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnd3-529f-ube6
1
url VCID-qmgr-sz7u-7kam
vulnerability_id VCID-qmgr-sz7u-7kam
summary
MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.
references
0
reference_url https://github.com/mantisbt/mantisbt
reference_id
reference_type
scores
url https://github.com/mantisbt/mantisbt
1
reference_url https://github.com/mantisbt/mantisbt/commit/9b5b71dadbeeeec27efea59f562ac5bd6d2673b7
reference_id
reference_type
scores
url https://github.com/mantisbt/mantisbt/commit/9b5b71dadbeeeec27efea59f562ac5bd6d2673b7
2
reference_url https://mantisbt.org/bugs/view.php?id=23166
reference_id
reference_type
scores
url https://mantisbt.org/bugs/view.php?id=23166
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12062
reference_id CVE-2017-12062
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-12062
4
reference_url https://github.com/advisories/GHSA-w93w-rx52-24qh
reference_id GHSA-w93w-rx52-24qh
reference_type
scores
url https://github.com/advisories/GHSA-w93w-rx52-24qh
fixed_packages
0
url pkg:composer/mantisbt/mantisbt@2.5.2
purl pkg:composer/mantisbt/mantisbt@2.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.5.2
aliases CVE-2017-12062, GHSA-w93w-rx52-24qh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmgr-sz7u-7kam
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.5.2