CVE-2021-33557

An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
References
Link Resource
https://mantisbt.org/bugs/view.php?id=28552 Exploit Vendor Advisory
https://mantisbt.org/blog/archives/mantisbt/699 Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*

Information

Published : 2021-06-17 19:15

Updated : 2021-06-21 13:27


NVD link : CVE-2021-33557

Mitre link : CVE-2021-33557


JSON object : View

Products Affected

mantisbt

  • mantisbt
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')