{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.1.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.1.1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.1.2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.1.3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.2.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.2.1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.2.2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.2.3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.2.4"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.3.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.3.1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.3.2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.3.3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.4.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.4.1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.4.2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.5.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.5.1"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "9f117fd951fbde716077b1453e0ecba9dbdc588a"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "4d317bf6c92a2cf32644286b5f49b6c34988d973"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "67edb2ce5d720c28ebac4acf1d9d6f990c4eff99"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "d4d0e851fbf2ec38532e045d2acec22b0e544f53"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "b77f7b5783e270066cdf10dae36f6241ac1591c3"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "1abcbc10ea82aa36c2f2c2f38f43343d013749c4"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "5e95a5db5f445ec39868b341a73416a8f9008c35"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "a954bbdc7e53b98dcac51fcf8bc6cb41deaa0028"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "73a34c4af43358599ff62b01c1b1f23d75a0c76c"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "0c6dde3dea2ea43d1d38f72f44834436c6dd4d74"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "27b5b292c9814a40fdd5715fa499a82e29f6f866"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "afc31a63fd76ae68f8bc8e8516d4431cf10ea9c5"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "990c773bab5cdc69d30cfd2be1824cb42e463ba2"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "d83c14a9cd3cdd898fd911dd904feacea7340ac6"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "609e2522903b1cbec51c054beb2761927ec19d0f"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "90d8895978e056caaef178df932dcfb827a3f14d"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "b1010be69bd6fc4b2dd091ce3ab93e1ac75d3396"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "063cce6182568cf2eba81e3ca59cdd67606e7bab"
            },
            {
              "fixed": "9b5b71dadbeeeec27efea59f562ac5bd6d2673b7"
            }
          ],
          "repo": "https://github.com/mantisbt/mantisbt",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "A cross-site scripting (XSS) issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code in the browser of a user viewing that page if Content Security Policy (CSP) is disabled.",
  "id": "CVE-2017-12062",
  "modified": "2026-04-01T23:07:53.862630386Z",
  "published": "2017-08-01T15:29:00.593Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://openwall.com/lists/oss-security/2017/08/01/1"
    },
    {
      "type": "ADVISORY",
      "url": "http://openwall.com/lists/oss-security/2017/08/01/2"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.securitytracker.com/id/1039030"
    },
    {
      "type": "REPORT",
      "url": "https://mantisbt.org/bugs/view.php?id=23166"
    },
    {
      "type": "FIX",
      "url": "https://github.com/mantisbt/mantisbt/commit/9b5b71dadbeeeec27efea59f562ac5bd6d2673b7"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}