CVE-2020-35571

An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings.
References
Link Resource
https://mantisbt.org/bugs/view.php?id=27768 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*

Information

Published : 2021-02-22 03:15

Updated : 2021-02-26 04:23


NVD link : CVE-2020-35571

Mitre link : CVE-2020-35571


JSON object : View

Products Affected

mantisbt

  • mantisbt
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')