[MEDIUM] MantisBT XSS through weak CSP when using Gravatar plugin

PKSA-hbgw-6kfd-yvsm CVE-2016-7111 GHSA-8vx9-hcvq-gfv8

Affected package: mantisbt/mantisbt

Affected version: =2.0.0-beta.1|<=1.3.0

Reported by:
GitHub