CVE-2016-7111

2017-02-17T17:59:00
ID CVE-2016-7111
Type cve
Reporter cve@mitre.org
Modified 2017-02-22T18:26:00

Description

MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.