CVE-2024-34081
MEDIUM EPSS 46.2%
Published May 14, 20242y ago · Modified Jun 17, 20262w ago
4.8 CVSS 3.1
Published May 14, 2024 2y ago
Last Modified Jun 17, 2026 2w ago
Description
MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (`bug_change_status_page.php`) belonging to a project linking said custom field, viewing issues (`view_all_bug_page.php`) when the custom field is displayed as a column, or printing issues (`print_all_bug_page.php`) when the custom field is displayed as a column. Version 2.26.2 contains a patch for the issue. As a workaround, ensure Custom Field Names do not contain HTML tags.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
46.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| mantisbt | mantisbt | * | <2.26.2 |
References 3
- github.com https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be
- github.com https://github.com/mantisbt/mantisbt/security/advisories/GHSA-wgx7-jp56-65mq
- mantisbt.org https://mantisbt.org/bugs/view.php?id=34432
Remediation
- github.com https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be
- github.com https://github.com/mantisbt/mantisbt/security/advisories/GHSA-wgx7-jp56-65mq