MantisBT · MantisBT LinkedCustomFields Plugin · CVE-2023-49802
**Name of the Vulnerable Software and Affected Versions**
MantisBT LinkedCustomFields plugin versions prior to 2.0.1
**Description**
The MantisBT LinkedCustomFields plugin is vulnerable to cross-site scripting: a crafted Custom Field that is linked via the plugin is rendered without adequate escaping when reporting a new Issue or editing an existing one, allowing JavaScript to execute in the browser of the user viewing that form. This can be mitigated by keeping MantisBT's default Content Security Policy in place, which blocks inline script execution.
**Recommendations**
For versions prior to 2.0.1, update to version 2.0.1 to resolve the issue.
As a temporary workaround until the update can be applied, keep MantisBT's default Content Security Policy enabled so that script execution is blocked.