Mantisbt · Mantisbt · CVE-2014-9701
**Name of the Vulnerable Software and Affected Versions**
MantisBT versions prior to 1.2.19
MantisBT versions 1.3.x prior to 1.3.0-beta.2
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `url` parameter to "permalink page.php".
**Recommendations**
For MantisBT versions prior to 1.2.19, update to version 1.2.19 or later.
For MantisBT versions 1.3.x prior to 1.3.0-beta.2, update to version 1.3.0-beta.2 or later.