{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43766?format=json","vulnerability_id":"VCID-gnd3-529f-ube6","summary":"MantisBT XSS allows unsanitized input via admin/install.php\nAn XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP.","aliases":[{"alias":"CVE-2017-12061"},{"alias":"GHSA-98xr-mmq5-vc5h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62831?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-516n-s5ts-eyg8"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-6tnt-m23j-pyhv"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8cnw-f9a5-aygc"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-dy4y-w8g5-9udt"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-hz9e-tmbf-uydt"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-m956-44xf-2qfz"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-x9k5-hczy-u3cd"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.5.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150794?format=json","purl":"pkg:composer/mantisbt/mantisbt@1.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gnd3-529f-ube6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@1.3.11"},{"url":"http://public2.vulnerablecode.io/api/packages/62700?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-7rw5-pdgb-nqhd"},{"vulnerability":"VCID-dy4y-w8g5-9udt"},{"vulnerability":"VCID-f6up-847f-duef"},{"vulnerability":"VCID-gnd3-529f-ube6"},{"vulnerability":"VCID-m7ur-m19k-vba4"},{"vulnerability":"VCID-qmgr-sz7u-7kam"},{"vulnerability":"VCID-xz9f-ksj8-3bhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/62701?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-516n-s5ts-eyg8"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-6tnt-m23j-pyhv"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8cnw-f9a5-aygc"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-cryg-7p4f-xyhh"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-dy4y-w8g5-9udt"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-f6up-847f-duef"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-gnd3-529f-ube6"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-hz9e-tmbf-uydt"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-m956-44xf-2qfz"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-qmgr-sz7u-7kam"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-x9k5-hczy-u3cd"},{"vulnerability":"VCID-xz9f-ksj8-3bhk"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/62704?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-516n-s5ts-eyg8"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-6tnt-m23j-pyhv"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8cnw-f9a5-aygc"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-cryg-7p4f-xyhh"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-dy4y-w8g5-9udt"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-gnd3-529f-ube6"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-hz9e-tmbf-uydt"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-m956-44xf-2qfz"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-qmgr-sz7u-7kam"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-x9k5-hczy-u3cd"},{"vulnerability":"VCID-xz9f-ksj8-3bhk"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/150792?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-516n-s5ts-eyg8"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-6tnt-m23j-pyhv"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8cnw-f9a5-aygc"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-dy4y-w8g5-9udt"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-gnd3-529f-ube6"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-hz9e-tmbf-uydt"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-m956-44xf-2qfz"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-qmgr-sz7u-7kam"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-x9k5-hczy-u3cd"},{"vulnerability":"VCID-xz9f-ksj8-3bhk"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/150795?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-516n-s5ts-eyg8"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-6tnt-m23j-pyhv"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8cnw-f9a5-aygc"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-dy4y-w8g5-9udt"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-gnd3-529f-ube6"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-hz9e-tmbf-uydt"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-m956-44xf-2qfz"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-qmgr-sz7u-7kam"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-x9k5-hczy-u3cd"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/187818?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-516n-s5ts-eyg8"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-6tnt-m23j-pyhv"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8cnw-f9a5-aygc"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-dy4y-w8g5-9udt"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-gnd3-529f-ube6"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-hz9e-tmbf-uydt"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-m956-44xf-2qfz"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-qmgr-sz7u-7kam"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-x9k5-hczy-u3cd"},{"vulnerability":"VCID-xz9f-ksj8-3bhk"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/150796?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-516n-s5ts-eyg8"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-6tnt-m23j-pyhv"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8cnw-f9a5-aygc"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-dy4y-w8g5-9udt"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-gnd3-529f-ube6"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-hz9e-tmbf-uydt"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-m956-44xf-2qfz"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-qmgr-sz7u-7kam"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-x9k5-hczy-u3cd"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/187819?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-516n-s5ts-eyg8"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-6tnt-m23j-pyhv"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8cnw-f9a5-aygc"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-dy4y-w8g5-9udt"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-gnd3-529f-ube6"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-hz9e-tmbf-uydt"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-m956-44xf-2qfz"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-qmgr-sz7u-7kam"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-x9k5-hczy-u3cd"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/187820?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-516n-s5ts-eyg8"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-6tnt-m23j-pyhv"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8cnw-f9a5-aygc"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-dy4y-w8g5-9udt"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-gnd3-529f-ube6"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-hz9e-tmbf-uydt"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-m956-44xf-2qfz"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-qmgr-sz7u-7kam"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-x9k5-hczy-u3cd"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/187821?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-516n-s5ts-eyg8"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-6tnt-m23j-pyhv"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8cnw-f9a5-aygc"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-dy4y-w8g5-9udt"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-gnd3-529f-ube6"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-hz9e-tmbf-uydt"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-m956-44xf-2qfz"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-qmgr-sz7u-7kam"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-x9k5-hczy-u3cd"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.5.1"}],"references":[{"reference_url":"http://openwall.com/lists/oss-security/2017/08/01/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2017/08/01/1"},{"reference_url":"http://openwall.com/lists/oss-security/2017/08/01/2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2017/08/01/2"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12061","reference_id":"","reference_type":"","scores":[{"value":"0.01034","scoring_system":"epss","scoring_elements":"0.77732","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01034","scoring_system":"epss","scoring_elements":"0.77742","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01034","scoring_system":"epss","scoring_elements":"0.77735","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01034","scoring_system":"epss","scoring_elements":"0.77708","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12061"},{"reference_url":"https://github.com/mantisbt/mantisbt","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5"},{"reference_url":"https://mantisbt.org/bugs/view.php?id=23146","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mantisbt.org/bugs/view.php?id=23146"},{"reference_url":"https://web.archive.org/web/20170811053146/http://www.securitytracker.com/id/1039030","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170811053146/http://www.securitytracker.com/id/1039030"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12061","reference_id":"CVE-2017-12061","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12061"},{"reference_url":"https://github.com/advisories/GHSA-98xr-mmq5-vc5h","reference_id":"GHSA-98xr-mmq5-vc5h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98xr-mmq5-vc5h"}],"weaknesses":[{"cwe_id":79,"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gnd3-529f-ube6"}