6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
0.0004 Low
EPSS
Percentile
15.7%
MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field’s name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (bug_change_status_page.php
) belonging to a project linking said custom field, viewing issues (view_all_bug_page.php
) when the custom field is displayed as a column, or printing issues (print_all_bug_page.php
) when the custom field is displayed as a column. Version 2.26.2 contains a patch for the issue. As a workaround, ensure Custom Field Names do not contain HTML tags.
[
{
"vendor": "mantisbt",
"product": "mantisbt",
"versions": [
{
"version": "< 2.26.2",
"status": "affected"
}
]
}
]