Vulnerability Database

308,820

Total vulnerabilities in the database

CVE-2014-9272

The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.

  • Published: Jan 9, 2015
  • Updated: Nov 9, 2025
  • CVE: CVE-2014-9272
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
debian / debian_linux 7.0 7.0.x
mantisbt / mantisbt 1.2.13 1.2.13.x
mantisbt / mantisbt 1.1.0-rc3 1.1.0-rc3.x
mantisbt / mantisbt 1.2.15 1.2.15.x
mantisbt / mantisbt 1.2.2 1.2.2.x
mantisbt / mantisbt 1.2.0-rc1 1.2.0-rc1.x
mantisbt / mantisbt 1.2.12 1.2.12.x
mantisbt / mantisbt 1.2.5 1.2.5.x
mantisbt / mantisbt 1.2.10 1.2.10.x
mantisbt / mantisbt 1.2.9 1.2.9.x
mantisbt / mantisbt 1.1.0-rc2 1.1.0-rc2.x
mantisbt / mantisbt 1.1.6 1.1.6.x
mantisbt / mantisbt 1.2.0 1.2.0.x
mantisbt / mantisbt 1.1.9 1.1.9.x
mantisbt / mantisbt 1.1.4 1.1.4.x
mantisbt / mantisbt 1.2.8 1.2.8.x
mantisbt / mantisbt 1.1.0-a4 1.1.0-a4.x
mantisbt / mantisbt 1.2.16 1.2.16.x
mantisbt / mantisbt 1.1.0-rc1 1.1.0-rc1.x
mantisbt / mantisbt 1.1.0-a2 1.1.0-a2.x
mantisbt / mantisbt 1.2.11 1.2.11.x
mantisbt / mantisbt 1.1.5 1.1.5.x
mantisbt / mantisbt 1.1.0-a3 1.1.0-a3.x
mantisbt / mantisbt 1.2.3 1.2.3.x
mantisbt / mantisbt 1.1.2 1.1.2.x
mantisbt / mantisbt 1.1.0-a1 1.1.0-a1.x
mantisbt / mantisbt 1.2.6 1.2.6.x
mantisbt / mantisbt 1.2.1 1.2.1.x
mantisbt / mantisbt 1.1.7 1.1.7.x
mantisbt / mantisbt 1.1.3 1.1.3.x
mantisbt / mantisbt 1.1.8 1.1.8.x
mantisbt / mantisbt 1.2.7 1.2.7.x
mantisbt / mantisbt 1.2.17 1.2.17.x
mantisbt / mantisbt 1.2.4 1.2.4.x
mantisbt / mantisbt 1.2.0-rc2 1.2.0-rc2.x
mantisbt / mantisbt 1.2.14 1.2.14.x
mantisbt / mantisbt 1.1.1 1.1.1.x
mantisbt / mantisbt 1.2.0-alpha1 1.2.0-alpha1.x
mantisbt / mantisbt 1.2.0-alpha2 1.2.0-alpha2.x
mantisbt / mantisbt 1.2.0-alpha3 1.2.0-alpha3.x