Lucene search
GoogleOSV:CVE-2020-25830HistorySep 30, 2020 - 9:15 p.m.
CVE-2020-25830
2020-09-3021:15:13
Google
osv.dev
2
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field’s name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php.
Related
ubuntucve
ubuntucve
CVE-2020-25830
2020-09-30 00:00:00
cve
cve
CVE-2020-25830
2020-09-30 21:15:13
cvelist
cvelist
CVE-2020-25830
2020-09-30 20:33:43
nvd
nvd
CVE-2020-25830
2020-09-30 21:15:13
prion
prion
Design/Logic Flaw
2020-09-30 21:15:00
github
github
MantisBT HTML Injection vulnerability
2022-05-24 17:29:51
Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting
2024-05-13 16:00:40
osv
osv
Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting
2024-05-13 16:00:40
openvas
openvas
MantisBT < 2.24.3 Multiple Vulnerabilities - Windows
2020-10-02 00:00:00
MantisBT < 2.24.3 Multiple Vulnerabilities - Linux
2020-10-02 00:00:00
nessus
nessus
freebsd
freebsd
mantis -- multiple vulnerabilities
2020-09-13 00:00:00