MantisBT · CVE-2016-7111
**Name of the Vulnerable Software and Affected Versions**
MantisBT versions prior to 1.3.1
MantisBT versions 2.x prior to 2.0.0-beta.2
**Description**
The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors when the Gravatar plugin is used, due to a weak Content Security Policy.
**Recommendations**
For MantisBT versions prior to 1.3.1, update to version 1.3.1 or later.
For MantisBT versions 2.x prior to 2.0.0-beta.2, update to version 2.0.0-beta.2 or later.