Описание
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Patch
- PatchVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Patch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.0 (включая)
Одно из
cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.0.0:beta1:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.0033
Низкий
4.7 Medium
CVSS3
2.6 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.7
ubuntu
почти 9 лет назад
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVSS3: 4.7
debian
почти 9 лет назад
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content ...
CVSS3: 4.7
github
больше 3 лет назад
MantisBT XSS through weak CSP when using Gravatar plugin
EPSS
Процентиль: 55%
0.0033
Низкий
4.7 Medium
CVSS3
2.6 Low
CVSS2
Дефекты
CWE-79