7.2
CVE-2026-40596
- EPSS 0.42%
- Veröffentlicht 22.05.2026 19:25:32
- Zuletzt bearbeitet 22.05.2026 19:25:32
- Quelle a0819718-46f1-4df5-94e2-005712
- CVE-Watchlists
- Unerledigt
MantisBT is vulnerable to XSS and potential account takeover via user font family preference update
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability (CSP bypass, see GHSA-9c3j-xm6v-j7j3), the attacker could achieve account takeover. This issue has been fixed in version 2.28.2.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellermantisbt
≫
Produkt
mantisbt
Version
>= 2.11.0, < 2.28.2
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.338 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| a0819718-46f1-4df5-94e2-005712e83aaa | 7.2 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L
|
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
https://mantisbt.org/bugs/view.php?id=37011
https://mantisbt.org/bugs/view.php?id=37016