Intrusion Prevention

Mantis.Bug.Tracker.Filter.API.View.Type.XSS

Description

This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in the Filter API component of Mantis Bug Tracker.
The vulnerability is due to an input validation error while parsing a crafted HTTP request. A remote attacker could exploit this to execute arbitrary script code within the context of the target user's browser, by enticing authenticated users to click on a crafted link.

Affected Products

Mantis Bug Tracker 1.3.0 and prior

Impact

System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser

Recommended Actions

Apply the latest patch from the vendor.
https://mantisbt.org/bugs/view.php?id=21611

CVE References

CVE-2016-6837