CVE-2026-40596
EPSS 0.06%

MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference

Published: 2026/5/11 Modified: 2026/5/11
Description
Any authenticated user can inject arbitrary HTML via updating their account's font family.

### Impact

Cross-site scripting. The injected payload will be reflected in every MantisBT page. Leveraging another vulnerability (CSP bypass, see [GHSA-9c3j-xm6v-j7j3](https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3)), the attacker could achieve account takeover.

### Patches

- 9e8409cdd979eba86ef532756fc47c1d8112d22d

### Workarounds

None

### Credits

Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
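The advisory describes a stored value (a per-user font family preference) that is echoed into every page without validation. The following is an added illustration of the defensive pattern that closes this class of bug; it is not MantisBT's code and not the referenced patch. All function and constant names are hypothetical, and the inputs at the bottom are constructed for the demonstration. The key point is that a value destined for a CSS context is restricted to an allowlist of known font names and additionally checked against a conservative character set before rendering, rather than being escaped with an HTML escaper (HTML entities are not decoded inside a `<style>` element, so `htmlspecialchars()` alone is the wrong tool there).

```php
<?php
// Added example, not MantisBT's own code. Names are hypothetical.

// Font families the application is willing to emit. Anything not listed here
// is replaced by the default, so no attacker-controlled bytes reach the page.
const FONT_FAMILY_ALLOWLIST = [
    'Arial', 'Helvetica', 'Verdana', 'Tahoma', 'Georgia',
    'Times New Roman', 'Courier New', 'monospace', 'sans-serif', 'serif',
];

const FONT_FAMILY_DEFAULT = 'sans-serif';

/**
 * Map a raw preference string to an allowlisted font family (case-insensitive
 * match, canonical casing returned) or to the default when it is not listed.
 */
function sanitize_font_family(string $pref): string
{
    $pref = trim($pref);
    foreach (FONT_FAMILY_ALLOWLIST as $allowed) {
        if (strcasecmp($pref, $allowed) === 0) {
            return $allowed;
        }
    }
    return FONT_FAMILY_DEFAULT;
}

/**
 * Render the per-user style fragment. Defence in depth: even an allowlisted
 * value must consist only of letters, digits, spaces and hyphens, so a future
 * allowlist entry containing CSS or HTML punctuation cannot break out of the
 * declaration or the <style> element.
 */
function font_family_style(string $pref): string
{
    $family = sanitize_font_family($pref);
    if (preg_match('/^[A-Za-z0-9 -]+$/', $family) !== 1) {
        $family = FONT_FAMILY_DEFAULT;
    }
    return '<style>body { font-family: "' . $family . '"; }</style>';
}

// Constructed inputs: a legitimate preference and a string that tries to
// terminate the <style> element and inject markup.
$legit    = 'times new roman';
$hostile  = 'Arial</style><b>injected</b>';

echo font_family_style($legit), "\n";
echo font_family_style($hostile), "\n";
```

The second call emits only the default family: the hostile string never matches the allowlist, so the markup it carries is discarded at the point of rendering rather than reflected into every page. Applying the same check when the preference is saved is worthwhile, but the output-side validation is the control that must not be skipped, because stored values may have been written before the check existed.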
Affected packages (1)

- Packagist / mantisbt/mantisbt: >= 2.11.0, < 2.28.2
CVSS score

| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L |
References (6)

- PATCH: https://github.com/mantisbt/mantisbt
- WEB: https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
- WEB: https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
- WEB: https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
- WEB: https://mantisbt.org/bugs/view.php?id=37011
- WEB: https://mantisbt.org/bugs/view.php?id=37016