CVE-2020-16266

Опубликовано: 12 авг. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CSP settings allow it).

Ссылки

https://mantisbt.org/blog/archives/mantisbt/665
Release Notes
Vendor Advisory
https://mantisbt.org/bugs/view.php?id=27056
Exploit
Issue Tracking
Patch
Vendor Advisory
https://mantisbt.org/blog/archives/mantisbt/665
Release Notes
Vendor Advisory
https://mantisbt.org/bugs/view.php?id=27056
Exploit
Issue Tracking
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*

Версия до 2.24.2 (исключая)

EPSS

Процентиль: 50%

0.00274

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-16266

CVSS3: 5.4

debian

больше 5 лет назад

An XSS issue was discovered in MantisBT before 2.24.2. Improper escapi ...

GHSA-4rrc-5vp6-m3f6

CVSS3: 5.4

github

больше 3 лет назад

MantisBT XSS issue on the view_all_bug_page.php

EPSS

Процентиль: 50%

0.00274

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79