Lucene search
+L

5 matches found

github
github
added 2024/05/13 4:0 p.m.34 views

Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting

Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when: - resolving or closing issues bugchangestatuspage.php belonging to a project linking said custom field - viewing issues viewallbugpage.php when...

6.6CVSS6AI score0.00648EPSS
Exploits0References5Affected Software1
osv
osv
added 2024/05/13 4:0 p.m.45 views

GHSA-WGX7-JP56-65MQ Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting

Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when: - resolving or closing issues bugchangestatuspage.php belonging to a project linking said custom field - viewing issues viewallbugpage.php when...

6.6CVSS5.2AI score0.00648EPSS
Exploits0References5
nessus
nessus
added 2020/11/17 12:0 a.m.24 views

FreeBSD : mantis -- multiple vulnerabilities (19259833-26b1-11eb-a239-1c697a013f4b)

Mantis 2.24.3 release reports : This release fixes 3 security issues : - 0027039: CVE-2020-25781: Access to private bug note attachments - 0027275: CVE-2020-25288: HTML Injection on bugupdatepage.php - 0027304: CVE-2020-25830: HTML Injection in bugactiongrouppage.php C Tenable Network Security,...

4.8CVSS5.2AI score0.01682EPSS
Exploits3References5
cve
cve
added 2020/09/30 8:33 p.m.66 views

CVE-2020-25830

CVE-2020-25830 affects MantisBT before 2.24.3. The root cause is improper escaping of a custom field name, permitting HTML injection and, if CSP allows, arbitrary JavaScript execution when updating that custom field via bug_actiongroup_page.php. Evidence in multiple sources ties this to an XSS ri...

4.8CVSS5.2AI score0.01682EPSS
Exploits1References2Affected Software1
freebsd
freebsd
added 2020/09/13 12:0 a.m.31 views

mantis -- multiple vulnerabilities

Mantis 2.24.3 release reports: This release fixes 3 security issues: 0027039: CVE-2020-25781: Access to private bug note attachments 0027275: CVE-2020-25288: HTML Injection on bugupdatepage.php 0027304: CVE-2020-25830: HTML Injection in bugactiongrouppage.php...

4.8CVSS1.1AI score0.01682EPSS
Exploits3References3
Rows per page
Query Builder