CVE-2018-17782
Description
An XSS vulnerability in MantisBT 2.1.0 through 2.17.1 allows attackers to inject arbitrary code via crafted project names on the Manage Filters page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An XSS vulnerability in MantisBT 2.1.0 through 2.17.1 allows attackers to inject arbitrary code via crafted project names on the Manage Filters page.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in the Manage Filters page (manage_filter_page.php) of MantisBT versions 2.1.0 through 2.17.1 [1]. The issue occurs because the application fails to sanitize project names when displaying them in the filter list and widget header [3]. Specifically, the project_get_name() function output is not passed through string_display_line() for HTML escaping, allowing crafted project names to inject arbitrary JavaScript [3].
Exploitation
An attacker must have access rights to create or modify projects with a crafted name (if access rights permit) and the instance must have Content Security Policy settings that allow inline script execution (if CSP settings permit) [1]. The attacker creates or renames a project to contain malicious payload, then a victim with Manage Filters access views the affected page, triggering the XSS [3].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's session, leading to potential information disclosure, session hijacking, or other actions that the victim can perform. The impact depends on the victim's privileges [1].
Mitigation
The vulnerability is fixed in MantisBT versions 2.18.0 and 2.17.2, released on September 29, 2018 [4]. The fix was applied via commit a8f460b4d5d171ea1b0cc5a32ecfeb0ecbf9fcf9, which wraps project_get_name() output with string_display_line() [3]. Users should upgrade to a patched version or apply the provided patch [3] [4].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mantisbt/mantisbtPackagist | >= 2.1.0, < 2.17.2 | 2.17.2 |
Affected products
1Patches
172ab020a42a3Fix XSS in manage_filter_page.php
1 file changed · +2 −2
manage_filter_page.php+2 −2 modified@@ -103,7 +103,7 @@ function table_print_filter_row( $p_filter_id ) { echo '</td>'; } # Project - echo '<td>' . project_get_name( filter_get_field( $p_filter_id, 'project_id' )) . '</td>'; + echo '<td>' . string_display_line( project_get_name( filter_get_field( $p_filter_id, 'project_id' ) ) ) . '</td>'; # Public echo '<td class="center">' . trans_bool( filter_get_field( $p_filter_id, 'is_public' ) ) . '</td>'; # Owner @@ -152,7 +152,7 @@ function table_print_filters( array $p_filter_array ) { <div class="widget-header widget-header-small"> <h4 class="widget-title lighter"> <i class="ace-icon fa fa-filter"></i> - <?php echo lang_get('available_filter_for_project') . ': ' . project_get_name( $t_project_id ) ?> + <?php echo lang_get('available_filter_for_project') . ': ' . string_display_line( project_get_name( $t_project_id ) ) ?> </h4> </div>
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-ggjm-7m5f-7xjvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-17782ghsaADVISORY
- github.com/mantisbt/mantisbt/commit/72ab020a42a35fd341e983a25849f8277bb34044ghsaWEB
- mantisbt.org/blog/archives/mantisbt/613ghsax_refsource_CONFIRMWEB
- mantisbt.org/bugs/view.phpghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.