FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mantis -- multiple vulnerabilities

Affected packages
mantis-php71 < 2.22.1,1
mantis-php72 < 2.22.1,1
mantis-php73 < 2.22.1,1
mantis-php74 < 2.22.1,1

Details

VuXML ID 81fcc2f9-e15a-11e9-abbf-800dd28b22bd
Discovery 2019-08-28
Entry 2019-09-27

The Mantis developers report:

CVE-2019-15715: [Admin Required - Post Authentication] Command Execution / Injection Vulnerability

CVE-2019-8331: In Bootstrap before 3.4.1, XSS is possible in the tooltip or popover data-template attribute

Missing integrity hashes for CSS resources from CDNs

[source]

References

CVE Name CVE-2019-15715
CVE Name CVE-2019-8331
URL https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.22.1

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.