This host is installed with MantisBT and is prone to cross-site scripting vulnerability.
Successful exploitation will allow attackers to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Impact Level: Application
Upgrade to MantisBT version 1.2.18 or later. For updates refer to http://www.mantisbt.org/download.php
The flaw exists as the adm_config_report.php script does not validate input when handling the config file option before returning it to users.
MantisBT version 1.2.13 through 1.2.17
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
- MediaWiki 'profileinfo.php' Cross Site Scripting Vulnerability
- LDAP Account Manager 'selfserviceSaveOk' Parameter Cross Site Scripting Vulnerability
- net2ftp Multiple Cross-Site Scripting Vulnerabilities
- Mantis 'manage_proj_cat_add.php' HTML Injection Vulnerability
- HP System Management Homepage Multiple Unspecified Vulnerabilities