Vulnerability Change Records for CVE-2023-49802
Change History
New CVE Received by NIST 12/11/2023 5:15:06 PM
Action | Type | Old Value | New Value |
Added | CVSS V3.1 | | GitHub, Inc. AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L |
Added | CWE | | GitHub, Inc. CWE-79 |
Added | Description | | The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked via the plugin and displayed when reporting a new Issue or editing an existing one. This issue is fixed in version 2.0.1. As a workaround, one may utilize MantisBT's default Content Security Policy, which blocks script execution. |
Added | Reference | | GitHub, Inc. https://github.com/mantisbt-plugins/LinkedCustomFields/commit/30e5ae751e40d7ae18bfd794fd48671477b3d286 [No types assigned] |
Added | Reference | | GitHub, Inc. https://github.com/mantisbt-plugins/LinkedCustomFields/issues/10 [No types assigned] |
Added | Reference | | GitHub, Inc. https://github.com/mantisbt-plugins/LinkedCustomFields/pull/11 [No types assigned] |
Added | Reference | | GitHub, Inc. https://github.com/mantisbt-plugins/LinkedCustomFields/security/advisories/GHSA-2f37-9xpx-5hhw [No types assigned] |