10 matches found
EUVD-2016-7990
Malware in sbrugna...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the weak Content Security Policy configuration when using the Gravatar plugin. An attacker can inject malicious scripts by exploiting the insufficient security...
MantisBT XSS through weak CSP when using Gravatar plugin
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors...
GHSA-8VX9-HCVQ-GFV8 MantisBT XSS through weak CSP when using Gravatar plugin
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors...
CVE-2016-7111
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors...
CVE-2016-7111
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors...
CVE-2016-7111
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors...
Cross site scripting
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors...
CVE-2016-7111
CVE-2016-7111 affects MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2. The root cause is a weak Content Security Policy when the Gravatar plugin is used, enabling cross-site scripting (XSS) via unspecified vectors. Impact is XSS with potential malicious script execution in user browsers. Remedi...
CVE-2016-7111
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors...