MantisBT · MantisBT Source Integration Plugin · CVE-2020-8981
**Name of the Vulnerable Software and Affected Versions**
MantisBT Source Integration plugin versions prior to 1.6.2
MantisBT Source Integration plugin versions 2.x prior to 2.3.1
**Description**
A cross-site scripting (XSS) issue was found that allows the execution of arbitrary code via a `repo name` on the `repo_delete.php` Delete Repository page, provided that Content Security Policy (CSP) settings permit it.
**Recommendations**
For versions prior to 1.6.2, update to version 1.6.2 or later.
For versions 2.x prior to 2.3.1, update to version 2.3.1 or later.
As a temporary workaround, consider restricting access to the `repo_delete.php` page until a patch is available.
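The class of bug described above, shown as an added illustration that is not code from the Source Integration plugin: a repository name placed into a delete-confirmation message without output encoding, next to the encoded form, a check for stored names worth reviewing, and a CSP header that blocks inline script. All function names, the message text, the policy value and the sample names are hypothetical and constructed for this example.

```php
<?php
// Added illustration; hypothetical names, not the plugin's own code.

// Vulnerable pattern: the stored repository name reaches the HTML unescaped.
function confirm_message_unsafe(string $repoName): string
{
    return '<p>Do you really want to delete repository "' . $repoName . '"?</p>';
}

// Hardened pattern: encode for the HTML context at output time.
function confirm_message_safe(string $repoName): string
{
    $escaped = htmlspecialchars($repoName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Do you really want to delete repository "' . $escaped . '"?</p>';
}

// Audit helper: flag existing names that contain HTML metacharacters, so an
// administrator can review them after upgrading.
function name_needs_review(string $repoName): bool
{
    return preg_match('/[<>"\'&]/', $repoName) === 1;
}

// Defence in depth: a policy without 'unsafe-inline' keeps the browser from
// running inline script even if an unescaped value slips through.
function csp_header(): string
{
    return "Content-Security-Policy: default-src 'self'; script-src 'self'";
}

// Constructed sample input.
$samples = ['libfoo-main', '<script>alert(1)</script>', 'a" onmouseover="x'];

foreach ($samples as $name) {
    echo 'review: ', name_needs_review($name) ? 'yes' : 'no', PHP_EOL;
    echo 'unsafe: ', confirm_message_unsafe($name), PHP_EOL;
    echo 'safe:   ', confirm_message_safe($name), PHP_EOL, PHP_EOL;
}

echo csp_header(), PHP_EOL;
```

Run with the PHP command-line interpreter; the second and third sample names are emitted as markup by the unsafe function and as inert text by the safe one.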