CVE-2020-25830 is a vulnerability in MantisBT
Published on September 30, 2020
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php.
Products Associated with CVE-2020-25830
Vulnerable Packages
The following package names and versions may be associated with CVE-2020-25830:
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| composer | mantisbt/mantisbt | < 2.26.2 | 2.26.2 |
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.