PT-2019-6863 · Mantisbt · Mantisbt

Atrol +1 · Published 2019-10-31 · Updated 2019-11-06 · CVE-2013-1932

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

MantisBT version 1.2.13

Description

A cross-site scripting (XSS) issue exists in the configuration report page, specifically in the adm_config_report.php file, allowing remote authenticated users to inject arbitrary web script or HTML via a project name.

Recommendations

For MantisBT version 1.2.13, consider restricting access to the configuration report page until a fix is available. As a temporary workaround, avoid using the project name field in the adm_config_report.php file to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2013-1932

Affected Products

Mantisbt