This host is installed with MantisBT and is prone to cross-site scripting vulnerability.
Successful exploitation will allow attackers to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Impact Level: Application
Upgrade to MantisBT version 1.2.18 or later. For updates refer to http://www.mantisbt.org/download.php
The flaw exists as the adm_config_report.php script does not validate input when handling the config file option before returning it to users.
MantisBT version 1.2.13 through 1.2.17
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
- Multiple ZyWALL USG Products Remote Security Bypass Vulnerability
- BasiliX Arbitrary File Disclosure Vulnerability
- BestShopPro 'str' Parameter Cross Site Scripting and SQL Injection Vulnerabilities
- LDAP Account Manager 'selfserviceSaveOk' Parameter Cross Site Scripting Vulnerability
- Manx Multiple Cross Site Scripting and Directory Traversal Vulnerabilities