FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mantis -- multiple vulnerabilities

Affected packages
	mantis-php72	<	2.24.3,1
	mantis-php73	<	2.24.3,1
	mantis-php74	<	2.24.3,1
	mantis-php80	<	2.24.3,1

Details

VuXML ID	19259833-26b1-11eb-a239-1c697a013f4b
Discovery	2020-09-13
Entry	2020-11-14
Modified	2020-11-15

Mantis 2.24.3 release reports:

This release fixes 3 security issues:

0027039: CVE-2020-25781: Access to private bug note attachments

0027275: CVE-2020-25288: HTML Injection on bug_update_page.php

0027304: CVE-2020-25830: HTML Injection in bug_actiongroup_page.php

[source]

References

CVE Name	CVE-2020-25288
CVE Name	CVE-2020-25781
CVE Name	CVE-2020-25830
FreeBSD PR	ports/251141
URL	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25288
URL	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25781
URL	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25830