A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution of arbitrary code via a repo name (if CSP settings permit it). This is related to CVE-2018-16362.
{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.6.2"
},
{
"introduced": "2.0.0"
},
{
"fixed": "2.3.1"
}
],
"cpe": "cpe:2.3:a:mantisbt:source_integration:*:*:*:*:*:mantisbt:*:*"
}