Moderate severity · NVD Advisory · Published Apr 13, 2022 · Updated Aug 3, 2024
CVE-2022-26144
Description
An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| mantisbt/mantisbt (Packagist) | < 2.25.3 | 2.25.3 |
References
- github.com/advisories/GHSA-rqgj-rqfr-5j6f (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-26144 (ghsa, ADVISORY)
- github.com/mantisbt/mantisbt/commit/a7751c3e318011ca1314bc1cfea200d53e0dfff6 (ghsa, WEB)
- mantisbt.org/bugs/view.php (ghsa, x_refsource_MISC, WEB)