CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
AI Score
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field’s name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (bug_change_status_page.php
) belonging to a project linking said custom field, viewing issues (view_all_bug_page.php
) when the custom field is displayed as a column, or printing issues (print_all_bug_page.php
) when the custom field is displayed as a column. Version 2.26.2 contains a patch for the issue. As a workaround, ensure Custom Field Names do not contain HTML tags.
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
AI Score
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial