CVE-2014-9271

Name of the Vulnerable Software and Affected Versions MantisBT versions prior to 1.2.18

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments. This can be demonstrated by a filename such as .swf.jpeg.

Recommendations For versions prior to 1.2.18, update to version 1.2.18 or later to resolve the issue. As a temporary workaround, consider restricting the upload of files with executable content, such as .swf files, to minimize the risk of exploitation.