Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt mantisbt 1.2.17 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-8986
Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 up to and including 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted config option, a ...
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.14
NA
CVE-2014-8987
Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 up to and including 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option param...
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.14
NA
CVE-2014-7146
The XmlImportExport plugin in MantisBT 1.2.17 and previous versions allows remote malicious users to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function wi...
Mantisbt Mantisbt 1.2.17
2 EDB exploits
NA
CVE-2014-8988
MantisBT prior to 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a...
Mantisbt Mantisbt 1.2.17
6.1
CVSSv3
CVE-2015-2046
Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later prior to 1.2.20.
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.19
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.14
NA
CVE-2015-1042
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 up to and including 1.2.18 uses an incorrect regular expression, which allows remote malicious users to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator i...
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.14
4.8
CVSSv3
CVE-2017-7241
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote malicious users to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings all...
Mantisbt Mantisbt 2.3.0
Mantisbt Mantisbt 2.1.0
Mantisbt Mantisbt 2.0.0
Mantisbt Mantisbt 2.1.2
Mantisbt Mantisbt 1.3.4
Mantisbt Mantisbt 2.1.3
Mantisbt Mantisbt 1.3.0
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 2.1.1
Mantisbt Mantisbt 2.2.2
Mantisbt Mantisbt 2.2.1
Mantisbt Mantisbt 1.3.7
Mantisbt Mantisbt 1.2.19
Mantisbt Mantisbt 1.3.3
Mantisbt Mantisbt 2.0.1
Mantisbt Mantisbt 1.3.8
Mantisbt Mantisbt 1.3.9
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.3.2
Mantisbt Mantisbt 1.3.5
Mantisbt Mantisbt 2.2.3
Mantisbt Mantisbt 1.2.17
NA
CVE-2014-9269
Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 up to and including 1.2.x prior to 1.2.18, when Extended project browser is enabled, allows remote malicious users to inject arbitrary web script or HTML via the project cookie.
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.0a1
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.1
NA
CVE-2014-9270
Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 up to and including 1.2.17 allows remote malicious users to inject arbitrary web script or HTML via the "profile/Platform" field.
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.0.9
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.1.7
NA
CVE-2014-9279
The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 up to and including 1.2.x prior to 1.2.18 allows remote malicious users to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL...
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.0.9
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.1.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »