3 matches found
CVE-2020-28413
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mcprojectgetusers function through the API SOAP...
Sql injection
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mcprojectgetusers function through the API SOAP...
CVE-2020-25830
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bugactiongrouppage.php...