Back

CVE-2024-34081

May 14, 2024, 4:12 p.m.

Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

Products

MantisBT

  • 2.26.2

Source

security-advisories@github.com

Tags

security-advisories@github.com
CWE-79
2024-05-14
CVE-2024-34081

CVE-2024-34081 details

Published : May 14, 2024, 3:38 p.m.
Last Modified : May 14, 2024, 4:12 p.m.

Description

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (`bug_change_status_page.php`) belonging to a project linking said custom field, viewing issues (`view_all_bug_page.php`) when the custom field is displayed as a column, or printing issues (`print_all_bug_page.php`) when the custom field is displayed as a column. Version 2.26.2 contains a patch for the issue. As a workaround, ensure Custom Field Names do not contain HTML tags.

CVSS Score

1 2 3 4 5 6.6 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

Base Score

6.6

Exploitability Score

Impact Score

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

References

URL Source
https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be security-advisories@github.com
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-wgx7-jp56-65mq security-advisories@github.com
https://mantisbt.org/bugs/view.php?id=34432 security-advisories@github.com
This website uses the NVD API, but is not approved or certified by it.