Vulmon
mantisbt mantisbt 1.2.13 vulnerabilities and exploits
CVSSv3: 4.3
CVE-2013-1811
An access control issue in MantisBT prior to 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
Mantisbt Mantisbt
Debian Debian Linux 7.0
Debian Debian Linux 6.0
CVSSv3: 5.4
CVE-2013-1932
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
Mantisbt Mantisbt 1.2.13
CVSSv3: 6.1
CVE-2015-2046
Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later versions prior to 1.2.20.
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.19
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.14
NA
CVE-2014-8987
Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 up to and including 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option param...
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.14
NA
CVE-2015-1042
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 up to and including 1.2.18 uses an incorrect regular expression, which allows remote malicious users to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator i...
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.14
CVSSv3: 5.4
CVE-2014-9271
Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT prior to 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.
Debian Debian Linux 7.0
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.7
NA
CVE-2014-9272
The string_insert_href function in MantisBT 1.2.0a1 up to and including 1.2.x prior to 1.2.18 does not properly validate the URL protocol, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.
Debian Debian Linux 7.0
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.7
NA
CVE-2014-9269
Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 up to and including 1.2.x prior to 1.2.18, when Extended project browser is enabled, allows remote malicious users to inject arbitrary web script or HTML via the project cookie.
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.0a1
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.1
NA
CVE-2014-9270
Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 up to and including 1.2.17 allows remote malicious users to inject arbitrary web script or HTML via the "profile/Platform" field.
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.0.9
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.1.7
NA
CVE-2014-9279
The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 up to and including 1.2.x prior to 1.2.18 allows remote malicious users to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL...
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.0.9
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.1.7