7.2

CVE-2026-40596

MantisBT is vulnerable to XSS and potential account takeover via user font family preference update

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability (CSP bypass, see GHSA-9c3j-xm6v-j7j3), the attacker could achieve account takeover. This issue has been fixed in version 2.28.2.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellermantisbt
Produkt mantisbt
Version >= 2.11.0, < 2.28.2
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.338
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
a0819718-46f1-4df5-94e2-005712e83aaa 7.2 0 0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
x_refsource_CONFIRM
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
x_refsource_MISC
https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
x_refsource_MISC
https://mantisbt.org/bugs/view.php?id=37011
x_refsource_MISC
https://mantisbt.org/bugs/view.php?id=37016
x_refsource_MISC