Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
XSS
PHP
Mantisbt
NVD
GitHub
CVSS 2.0
3.5
EPSS
0.5%