CVE Identifier: CVE-2014-9701
Summary: XSS issue in MantisBT
Status: Closed
Upstream Product and Component: Security Response - vulnerability
Fixed In Version: MantisBT 1.2.19, MantisBT 1.3.0-beta.2
Reported and Modified Dates: Reported on 2015-03-17, last modified on 2019-09-29
Environment: Confirmed on Linux OS
Priority and Severity: Both are medium
Description: The script in MantisBT is vulnerable to XSS attacks, allowing crafted URLs to execute arbitrary JavaScript in the user's browser. Upstream patches are available for 1.2.x and 1.3.x branches.
Additional Links: Provided for upstream patches and a security mailing list reference
Tracking: Affects according to a created tracking entry
Project Note: This CVE is for community support, explicitly stated not to affect a commercially supported Red Hat product.