CVE-2024-34081

MEDIUM EPSS 46.2%
Published May 14, 20242y ago · Modified Jun 17, 20262w ago
4.8 CVSS 3.1
Medium
Find Similar
Published May 14, 2024 2y ago
Last Modified Jun 17, 2026 2w ago

Description

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (`bug_change_status_page.php`) belonging to a project linking said custom field, viewing issues (`view_all_bug_page.php`) when the custom field is displayed as a column, or printing issues (`print_all_bug_page.php`) when the custom field is displayed as a column. Version 2.26.2 contains a patch for the issue. As a workaround, ensure Custom Field Names do not contain HTML tags.

CVSS Details

Base Score
4.8
Exploitability
1.7
Impact
2.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
46.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
mantisbtmantisbt* <2.26.2

References 3

  • github.com https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be
    Patch
  • github.com https://github.com/mantisbt/mantisbt/security/advisories/GHSA-wgx7-jp56-65mq
    PatchVendor Advisory
  • mantisbt.org https://mantisbt.org/bugs/view.php?id=34432
    Issue TrackingMitigationVendor Advisory

Remediation

  • github.com https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be
    Patch
  • github.com https://github.com/mantisbt/mantisbt/security/advisories/GHSA-wgx7-jp56-65mq
    PatchVendor Advisory