{"id":"CVE-2017-6973","details":"A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.","aliases":["GHSA-v7qf-22rw-chph"],"modified":"2026-04-10T04:00:46.601314Z","published":"2017-03-31T04:59:00.220Z","references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1038169"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97252"},{"type":"FIX","url":"http://openwall.com/lists/oss-security/2017/03/30/4"},{"type":"FIX","url":"http://www.mantisbt.org/bugs/view.php?id=22537"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mantisbt/mantisbt","events":[{"introduced":"0"},{"last_affected":"29d359f6ed26902bf8a45e21124f00b3fad3b95c"},{"introduced":"0"},{"last_affected":"f4683bd1b2390174b4bbf6159c59ca92d2365485"},{"introduced":"0"},{"last_affected":"5ee1976ce32ba01ab946e728d750161cc3dbdfa2"},{"introduced":"0"},{"last_affected":"81ce69ccbbba1262e5e6d11ca36d6a26b46821ae"},{"introduced":"0"},{"last_affected":"abf2982786ff44e8837374d6c80afcaffa92e170"},{"introduced":"0"},{"last_affected":"0469fd5e6b5c043205015bb438638728068d35e0"},{"introduced":"0"},{"last_affected":"c1d3abba777aa8d208b4119ff52de040ed59f578"},{"introduced":"0"},{"last_affected":"ec7c8146c23e0630aaa933b057425eae1f5726d3"},{"introduced":"0"},{"last_affected":"792b01007ddd972855598eb1654f718f1aad14b0"},{"introduced":"0"},{"last_affected":"ac51f2a22377ec1cef40ae53048327d7ab2df33e"},{"introduced":"0"},{"last_affected":"6aae5cbd3ced0df0bb165bfe67295a4ea27e58b5"},{"introduced":"0"},{"last_affected":"9f117fd951fbde716077b1453e0ecba9dbdc588a"},{"introduced":"0"},{"last_affected":"4d317bf6c92a2cf32644286b5f49b6c34988d973"},{"introduced":"0"},{"last_affected":"67edb2ce5d720c28ebac4acf1d9d6f990c4eff99"},{"introduced":"0"},{"last_affected":"d4d0e851fbf2ec38532e045d2acec22b0e544f53"},{"introduced":"0"},{"last_affected":"b77f7b5783e270066cdf10dae36f6241ac1591c3"},{"introduced":"0"},{"last_affected":"1abcbc10ea82aa36c2f2c2f38f43343d013749c4"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.1"},{"introduced":"0"},{"last_affected":"1.3.2"},{"introduced":"0"},{"last_affected":"1.3.3"},{"introduced":"0"},{"last_affected":"1.3.4"},{"introduced":"0"},{"last_affected":"1.3.5"},{"introduced":"0"},{"last_affected":"1.3.6"},{"introduced":"0"},{"last_affected":"1.3.7"},{"introduced":"0"},{"last_affected":"1.3.8"},{"introduced":"0"},{"last_affected":"1.3.9"},{"introduced":"0"},{"last_affected":"2.0.0"},{"introduced":"0"},{"last_affected":"2.0.1"},{"introduced":"0"},{"last_affected":"2.1.0"},{"introduced":"0"},{"last_affected":"2.1.1"},{"introduced":"0"},{"last_affected":"2.1.2"},{"introduced":"0"},{"last_affected":"2.1.3"},{"introduced":"0"},{"last_affected":"2.2.0"},{"introduced":"0"},{"last_affected":"2.2.1"}]}}],"versions":["release-1.2.0a1","release-1.2.0a2","release-1.2.0a3","release-1.2.0rc1","release-1.3.0","release-1.3.0-beta.1","release-1.3.0-beta.2","release-1.3.0-beta.3","release-1.3.0-rc.1","release-1.3.0-rc.2","release-1.3.1","release-1.3.2","release-1.3.3","release-1.3.4","release-1.3.5","release-1.3.6","release-1.3.7","release-1.3.8","release-1.3.9","release-2.0.0","release-2.0.0-beta.1","release-2.0.0-beta.2","release-2.0.0-beta.3","release-2.0.0-rc.1","release-2.0.0-rc.2","release-2.0.1","release-2.1.0","release-2.1.1","release-2.1.2","release-2.1.3","release-2.2.0","release-2.2.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6973.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.3.0-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-beta2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-beta3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-rc2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}