An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-06-17T18:14:52
Updated: 2024-08-03T23:50:43.162Z
Reserved: 2021-05-24T00:00:00
Link: CVE-2021-33557
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-06-17T19:15:07.967
Modified: 2021-06-21T13:27:28.850
Link: CVE-2021-33557
Redhat
No data.