CVE-2020-8981
Published
CVSS v3
6.1
MEDIUM
CVSS v2
4.3
MEDIUM
Affected
1
PROJECT
Description
A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution of arbitrary code via a repo name (if CSP settings permit it). This is related to CVE-2018-16362.
Source control integration plugin framework for MantisBT, including support for Github, Gitlab, Bitbucket, Gitea, Gitweb, Cgit, Subversion, Mercurial and more
GitHub