An XSS issue exists in MantisBT prior to 2.24.2. Improper escaping on view_all_bug_page.php allows a remote malicious user to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CSP settings allow it).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mantisbt mantisbt |