CVE-2016-7111

2017-02-1717:59:01

Google

osv.dev

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.5%

JSON

MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

CPENameOperatorVersion
mantisbteqrelease-1.3.0-rc.1
mantisbteqrelease-1.2.0a2
mantisbteqrelease-1.2.0a3
mantisbteqrelease-1.2.0a1
mantisbteqrelease-1.3.0
mantisbteqrelease-1.3.0-beta.3
mantisbteqrelease-1.3.0-beta.1
mantisbteqrelease-1.3.0-beta.2
mantisbteqrelease-1.2.0rc1
mantisbteqrelease-1.3.0-rc.2

Name	Operator	Version
mantisbt	eq	release-1.3.0-rc.1
mantisbt	eq	release-1.2.0a2
mantisbt	eq	release-1.2.0a3
mantisbt	eq	release-1.2.0a1
mantisbt	eq	release-1.3.0
mantisbt	eq	release-1.3.0-beta.3
mantisbt	eq	release-1.3.0-beta.1
mantisbt	eq	release-1.3.0-beta.2
mantisbt	eq	release-1.2.0rc1
mantisbt	eq	release-1.3.0-rc.2