osv Google OSV:CVE-2020-25288
History Sep 30, 2020 - 9:15 p.m.

CVE-2020-25288

2020-09-30 21:15:13
Google
osv.dev
AI Score: 7 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 24.0%)

An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input’s pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitrary JavaScript.