Search for packages
| purl | pkg:composer/mantisbt/mantisbt@1.3.11 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-gnd3-529f-ube6
Aliases: CVE-2017-12061 GHSA-98xr-mmq5-vc5h |
MantisBT XSS allows unsanitized input via admin/install.php An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP. |
Affected by 0 other vulnerabilities. Affected by 35 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-05T21:24:08.122442+00:00 | GHSA Importer | Affected by | VCID-gnd3-529f-ube6 | https://github.com/advisories/GHSA-98xr-mmq5-vc5h | 38.6.0 |
| 2026-06-05T17:10:04.061918+00:00 | GitLab Importer | Fixing | VCID-xz9f-ksj8-3bhk | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mantisbt/mantisbt/CVE-2017-7620.yml | 38.6.0 |
| 2026-06-04T17:54:43.702036+00:00 | GithubOSV Importer | Fixing | VCID-xz9f-ksj8-3bhk | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9x76-mp7r-2xc5/GHSA-9x76-mp7r-2xc5.json | 38.6.0 |