CVE-2024-34081
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
14/05/2024
Last modified:
16/01/2025
Description
MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (`bug_change_status_page.php`) belonging to a project linking said custom field, viewing issues (`view_all_bug_page.php`) when the custom field is displayed as a column, or printing issues (`print_all_bug_page.php`) when the custom field is displayed as a column. Version 2.26.2 contains a patch for the issue. As a workaround, ensure Custom Field Names do not contain HTML tags.
Impact
Base Score 3.x
6.60
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:* | 2.26.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be
- https://github.com/mantisbt/mantisbt/security/advisories/GHSA-wgx7-jp56-65mq
- https://mantisbt.org/bugs/view.php?id=34432
- https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be
- https://github.com/mantisbt/mantisbt/security/advisories/GHSA-wgx7-jp56-65mq
- https://mantisbt.org/bugs/view.php?id=34432