Lucene search

K
cvelistMitreCVELIST:CVE-2020-25288
HistorySep 30, 2020 - 8:26 p.m.

CVE-2020-25288

2020-09-3020:26:59
mitre
www.cve.org

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.9%

An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input’s pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitrary JavaScript.

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.9%

Related for CVELIST:CVE-2020-25288