{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2017-12062","title":"Title"},{"category":"description","text":"An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2017-12062","url":"https://www.suse.com/security/cve/CVE-2017-12062"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1051698 for CVE-2017-12062","url":"https://bugzilla.suse.com/1051698"}],"title":"SUSE CVE CVE-2017-12062","tracking":{"current_release_date":"2025-02-18T07:39:01Z","generator":{"date":"2023-02-15T04:42:19Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2017-12062","initial_release_date":"2023-02-15T04:42:19Z","revision_history":[{"date":"2023-02-15T04:42:19Z","number":"2","summary":"Current version"},{"date":"2025-01-01T08:40:26Z","number":"3","summary":"Current version"},{"date":"2025-02-18T07:39:01Z","number":"4","summary":"Current version"}],"status":"interim","version":"4"}}}