An issue exists in MantisBT prior to 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitrary JavaScript.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mantisbt mantisbt |