3 matches found
CVE-2025-12937
The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acfflmupdatetemplatewithpastedlayout' function in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is a Mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the helper_ensure_confirmed call in manage_custom_field_update.php, where the custom field name is not properly sanitized. An attacker can inject malicious scripts...
GHSA-CVRM-CR3M-QJ92 MantisBT XSS in manage_custom_field_update.php
An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings...