CVE-2017-6958

MEDIUM

MantisBT Source Integration Plugin <2.0.2 - XSS

Title source: llm

Description

An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter.

References (1)

[Patch, Third Party Advisory] https://github.com/mantisbt-plugins/source-integration/issues/205

Scores

CVSS v3 6.1

EPSS 0.0033

EPSS Percentile 55.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (2)

mantisbt/source_integration < 2.0.1

n/a/n/a

Timeline

Published Mar 17, 2017

Tracked Since Feb 18, 2026