CVE-2014-9272
Publication date 9 January 2015
Last updated 24 July 2024
Ubuntu priority
The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.
Status
Package | Ubuntu Release | Status |
---|---|---|
mantis | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |