mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-05 10:17:57 +00:00
840 B
840 B
CVE-2022-33910
Description
An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute.