Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt mantisbt 1.2.19 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2015-2046
Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later prior to 1.2.20.
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.19
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.16
NA
CVE-2015-1042
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 up to and including 1.2.18 uses an incorrect regular expression, which allows remote malicious users to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator i...
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.6
4.8
CVSSv3
CVE-2017-7241
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote malicious users to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings all...
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.19
Mantisbt Mantisbt 1.2.20
Mantisbt Mantisbt 2.0.1
Mantisbt Mantisbt 2.1.0
Mantisbt Mantisbt 2.0.0
Mantisbt Mantisbt 1.3.7
Mantisbt Mantisbt 1.3.8
Mantisbt Mantisbt 2.2.1
Mantisbt Mantisbt 2.1.3
Mantisbt Mantisbt 1.3.5
Mantisbt Mantisbt 1.3.6
Mantisbt Mantisbt 2.2.2
Mantisbt Mantisbt 2.2.3
Mantisbt Mantisbt 1.3.0
Mantisbt Mantisbt 2.1.1
Mantisbt Mantisbt 2.1.2
Mantisbt Mantisbt 1.3.1
Mantisbt Mantisbt 1.3.2
Mantisbt Mantisbt 1.3.9
Mantisbt Mantisbt 2.3.0
NA
CVE-2014-6316
core/string_api.php in MantisBT prior to 1.2.18 does not properly categorize URLs when running under the web root, which allows remote malicious users to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php.
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2016-6837
Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions prior to 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote malicious users to inject arbitrary web script or HTML via the 'view_type' parameter.
Mantisbt Mantisbt 2.0.0
Mantisbt Mantisbt 1.3.0
Mantisbt Mantisbt
6.5
CVSSv3
CVE-2014-9701
Cross-site scripting (XSS) vulnerability in MantisBT prior to 1.2.19 and 1.3.x prior to 1.3.0-beta.2 allows remote malicious users to inject arbitrary web script or HTML via the url parameter to permalink_page.php.
Mantisbt Mantisbt 1.3.0
Mantisbt Mantisbt
NA
CVE-2014-9573
SQL injection vulnerability in manage_user_page.php in MantisBT prior to 1.2.19 and 1.3.x prior to 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.
Mantisbt Mantisbt
Mantisbt Mantisbt 1.3.0
NA
CVE-2014-9572
MantisBT prior to 1.2.19 and 1.3.x prior to 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote malicious users to obtain database credentials via the install parameter with the value 4.
Mantisbt Mantisbt 1.3.0
Mantisbt Mantisbt
NA
CVE-2014-9571
Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT prior to 1.2.19 and 1.3.x prior to 1.3.0-beta.2 allows remote malicious users to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter.
Mantisbt Mantisbt 1.3.0
Mantisbt Mantisbt
7.5
CVSSv3
CVE-2014-9624
CAPTCHA bypass vulnerability in MantisBT prior to 1.2.19.
Mantisbt Mantisbt
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »