An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code (if CSP settings permit it) via repo_manage_page.php or list.php.
CPE | Name | Operator | Version |
---|---|---|---|
source_integration | lt | 1.5.9 | |
source_integration | ge | 2.0.0 | |
source_integration | lt | 2.1.5 |