CVE-2022-26144

An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code if CSP allows it in managepluginpage.php and managepluginuninstall.php when a crafted plugin is installed...

MantisBT 跨站脚本漏洞

MantisBT is MantisBT Mantisbt team of a Web-based open source defect tracking system . The system provides project management and defect tracking services in the form of Web operations. A security vulnerability exists in MantisBT versions prior to 2.25.3, which stems from improper escaping of...