PT-2017-9032 · Mantisbt · Mantisbt

Will Dollman · Published 2017-01-10 · Updated 2017-01-11 · CVE-2016-6837

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

MantisBT versions prior to 1.2.19
MantisBT version 2.0.0-beta1
MantisBT version 1.3.0-beta1

Description

A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the view type parameter in the MantisBT Filter API.

Recommendations

For MantisBT versions prior to 1.2.19, update to version 1.2.19 or later.
For MantisBT version 2.0.0-beta1, avoid using the view type parameter in the affected API endpoint until the issue is resolved.
For MantisBT version 1.3.0-beta1, restrict access to the MantisBT Filter API to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2016-6837

Affected Products

Mantisbt