{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-06T05:42:18.137","vulnerabilities":[{"cve":{"id":"CVE-2023-49802","sourceIdentifier":"security-advisories@github.com","published":"2023-12-11T22:15:06.730","lastModified":"2026-06-17T06:36:29.793","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked via the plugin and displayed when reporting a new Issue or editing an existing one. This issue is fixed in version 2.0.1. As a workaround, one may utilize MantisBT's default Content Security Policy, which blocks script execution."},{"lang":"es","value":"El complemento LinkedCustomFields para MantisBT permite a los usuarios vincular valores entre dos campos personalizados, creando menús desplegables vinculados. Antes de la versión 2.0.1, cross-site scripting en el complemento MantisBT LinkedCustomFields permitían la ejecución de Javascript, cuando un campo personalizado manipulado se vincula a través del complemento y se muestra al informar un nuevo problema o editar uno existente. Este problema se solucionó en la versión 2.0.1. Como workaround, se puede utilizar la Política de Seguridad de Contenido predeterminada de MantisBT, que bloquea la ejecución del script."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mantisbt-plugins","product":"LinkedCustomFields","versions":[{"version":"< 2.0.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-08-28T15:12:18.863462Z","id":"CVE-2023-49802","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mantisbt:linked_custom_fields:*:*:*:*:*:mantisbt:*:*","versionEndExcluding":"2.0.1","matchCriteriaId":"0A8DBAA5-48FF-4744-A583-D7CA7A1DAFF1"}]}]}],"references":[{"url":"https://github.com/mantisbt-plugins/LinkedCustomFields/commit/30e5ae751e40d7ae18bfd794fd48671477b3d286","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/mantisbt-plugins/LinkedCustomFields/issues/10","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/mantisbt-plugins/LinkedCustomFields/pull/11","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/mantisbt-plugins/LinkedCustomFields/security/advisories/GHSA-2f37-9xpx-5hhw","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/mantisbt-plugins/LinkedCustomFields/commit/30e5ae751e40d7ae18bfd794fd48671477b3d286","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/mantisbt-plugins/LinkedCustomFields/issues/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/mantisbt-plugins/LinkedCustomFields/pull/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://github.com/mantisbt-plugins/LinkedCustomFields/security/advisories/GHSA-2f37-9xpx-5hhw","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}