CVE-2020-25288 is a vulnerability in MantisBT
Published on September 30, 2020

An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitrary JavaScript.

NVD

Products Associated with CVE-2020-25288

Want to know whenever a new CVE is published for MantisBT? stack.watch will email you.

MantisBT

Exploit Probability

EPSS

1.43%

Percentile

69.40%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-25288 is a vulnerability in MantisBTPublished on September 30, 2020

Products Associated with CVE-2020-25288

Exploit Probability

CVE-2020-25288 is a vulnerability in MantisBT
Published on September 30, 2020