XSS Vulnerability in Source Integration Plugin for MantisBT
CVE-2020-8981

6.1MEDIUM

Key Information:

Vendor: Mantisbt
Status: Source Integration
Vendor: CVE Published:; 13 February 2020

What is CVE-2020-8981?

A cross-site scripting vulnerability exists in the Source Integration plugin for MantisBT prior to version 1.6.2 and for 2.x versions before 2.3.1. The vulnerability can be exploited through the repo_delete.php page, which may allow an attacker to execute arbitrary code if Cross-Site Policy (CSP) settings permit. This issue exposes users to potential security risks, making it essential to update the affected plugin versions promptly.

References

https://github.com/mantisbt-plugins/source-integration/is...

x_refsource_MISC

https://github.com/mantisbt-plugins/source-integration/co...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 13, 2020
Vulnerability Reserved
Feb 13, 2020

JSON

Mantisbt

What is CVE-2020-8981?

References

CVSS V3.1

Timeline