MantisBT 1.3.x < 1.3.1 Multiple Vulnerabilities

Versions of MantisBT 1.3.x prior to 1.3.1 are affected by the following vulnerabilities :

• A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the ‘view_all_bug_page.php’ script does not validate input to the ‘view_type’ parameter before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. (CVE-2016-6837)
• A flaw exists that is triggered as the ‘header()’ function may replace a value when receiving a second instance of a variable. This may cause the default Gravatar plugin to overwrite the Content Security Policy (CSP) with its own, less strict version. This may allow a remote attacker to more easily conduct XSS attacks. (CVE-2016-7111)