CVE-2020-25830

Published: Sep 30, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://mantisbt.org/bugs/view.php?id=27304

x_refsource_MISC

http://github.com/mantisbt/mantisbt/commit/8c6f4d8859785b67fb80ac65100ac5259ed9237d

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-25830

Description

Affected Products

References