vulnerability

FreeBSD: VID-0822a4cf-9318-11e8-8d88-00e04c1ea73d (CVE-2018-13066): mantis -- multiple vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Jul 29, 2018	Jul 30, 2018	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Jul 29, 2018

Added

Jul 30, 2018

Modified

Dec 10, 2025

Description

mantis reports: Teun Beijers reported a cross-site scripting (XSS) vulnerability in the Edit Filter page which allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name. Prevent the attack by sanitizing the filter name before display. Ömer Cıtak, Security Researcher at Netsparker, reported this vulnerability, allowing remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO on view_filters_page.php. Prevent the attack by sanitizing the output of $_SERVER['PHP_SELF'] before display.

Solution

freebsd-upgrade-package-mantis

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today