Mantisbt · Mantisbt Source Integration Plugin · CVE-2017-6958
**Name of the Vulnerable Software and Affected Versions**
MantisBT Source Integration Plugin versions prior to 2.0.2
**Description**
The issue allows an attacker to inject arbitrary HTML or JavaScript by crafting any valid parameter in the search result page, provided MantisBT's CSP settings permit it.
**Recommendations**
For versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the search result page until a patch is available. Avoid using crafted parameters in the search result page until the issue is resolved.