3 matches found
FreeBSD : mantis -- multiple vulnerabilities (19259833-26b1-11eb-a239-1c697a013f4b)
Mantis 2.24.3 release reports : This release fixes 3 security issues : - 0027039: CVE-2020-25781: Access to private bug note attachments - 0027275: CVE-2020-25288: HTML Injection on bugupdatepage.php - 0027304: CVE-2020-25830: HTML Injection in bugactiongrouppage.php C Tenable Network Security,...
CVE-2020-25288
CVE-2020-25288 affects MantisBT before 2.24.3. When editing an issue in a project with a Custom Field using a crafted Regular Expression, improper escaping of the input’s pattern attribute can cause HTML injection and, if CSP allows, execution of arbitrary JavaScript. Impact is HTML injection/XSS...
mantis -- multiple vulnerabilities
Mantis 2.24.3 release reports: This release fixes 3 security issues: 0027039: CVE-2020-25781: Access to private bug note attachments 0027275: CVE-2020-25288: HTML Injection on bugupdatepage.php 0027304: CVE-2020-25830: HTML Injection in bugactiongrouppage.php...