Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt mantisbt 1.2.0 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2013-1934
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 prior to 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt
Debian Debian Linux 7.0
5.4
CVSSv3
CVE-2014-9271
Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT prior to 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.
Debian Debian Linux 7.0
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
NA
CVE-2015-1042
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 up to and including 1.2.18 uses an incorrect regular expression, which allows remote malicious users to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator i...
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.6
NA
CVE-2014-9272
The string_insert_href function in MantisBT 1.2.0a1 up to and including 1.2.x prior to 1.2.18 does not properly validate the URL protocol, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.
Debian Debian Linux 7.0
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
NA
CVE-2014-9269
Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 up to and including 1.2.x prior to 1.2.18, when Extended project browser is enabled, allows remote malicious users to inject arbitrary web script or HTML via the project cookie.
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.2.0a1
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.14
NA
CVE-2014-9270
Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 up to and including 1.2.17 allows remote malicious users to inject arbitrary web script or HTML via the "profile/Platform" field.
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.0.1
NA
CVE-2014-9279
The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 up to and including 1.2.x prior to 1.2.18 allows remote malicious users to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL...
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.9
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.16
NA
CVE-2014-7146
The XmlImportExport plugin in MantisBT 1.2.17 and previous versions allows remote malicious users to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function wi...
Mantisbt Mantisbt 1.2.17
2 EDB exploits
NA
CVE-2014-8554
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT prior to 1.2.18 allows remote malicious users to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete...
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 1.2.0a1
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.0.9
NA
CVE-2014-6387
gpc_api.php in MantisBT 1.2.17 and previous versions allows remote malicious users to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind.
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »