PT-2017-12328 · Mantisbt · Mantisbt

Trichimtrich · Published 2017-08-01 · Updated 2022-05-17 · CVE-2017-12062

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 2.5.2

Description: A cross-site scripting (XSS) issue allows remote attackers to execute arbitrary JavaScript code. This occurs because the filter field handled by manage_user_page.php is not properly sanitized before being rendered in the Manage Users page. The issue can be exploited if Content Security Policy (CSP) is disabled.

Recommendations: For versions prior to 2.5.2, update to version 2.5.2 or later to resolve the issue. As a temporary workaround, consider enabling Content Security Policy (CSP) to minimize the risk of exploitation.
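The pattern the advisory describes, as an added illustration that is not MantisBT's own code: a request parameter echoed into an attribute without encoding, beside the hardened form that applies HTML-context encoding, plus the CSP workaround named above. The parameter name `filter`, the markup and the function names are assumptions for the example, not the contents of the real manage_user_page.php.

```php
<?php
// Added illustration (not MantisBT's code). The parameter name "filter"
// and the surrounding markup are assumptions; manage_user_page.php is not
// reproduced here.

// BEFORE (vulnerable pattern): the raw request value is written into an
// attribute without encoding, so a value containing a quote character can
// close the attribute and the rest is interpreted by the browser as markup.
function render_filter_vulnerable(string $filter): string {
    return '<input type="text" name="filter" value="' . $filter . '">';
}

// AFTER (hardened): encode for the HTML context before output. ENT_QUOTES
// encodes both quote styles, which matters inside attribute values, and the
// explicit charset avoids encoding mismatches.
function render_filter_safe(string $filter): string {
    $encoded = htmlspecialchars($filter, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="filter" value="' . $encoded . '">';
}

// Defence in depth and the advisory's temporary workaround: a Content
// Security Policy that disallows inline script. Must be sent before any
// output. (Policy shown is an assumed minimal example, not MantisBT's own.)
function send_csp_header(): void {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");
}

// Self-check with a constructed input: a stray quote followed by a tag.
// With the hardened function the quote and angle brackets are encoded and
// stay inside the attribute value instead of becoming markup.
$sample = '" <b>not-a-filter</b>';
send_csp_header();
echo render_filter_vulnerable($sample), PHP_EOL;
echo render_filter_safe($sample), PHP_EOL;
```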

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2017-12062
GHSA-W93W-RX52-24QH

Affected Products

Mantisbt