Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2014-9117
MantisBT prior to 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote malicious users to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for...
Mantisbt Mantisbt
7.5
CVSSv2
CVE-2014-9280
The current_user_get_bug_filter function in core/current_user_api.php in MantisBT prior to 1.2.18 allows remote malicious users to execute arbitrary PHP code via the filter parameter.
Mantisbt Mantisbt
4.3
CVSSv2
CVE-2014-9281
Cross-site scripting (XSS) vulnerability in admin/copy_field.php in MantisBT prior to 1.2.18 allows remote malicious users to inject arbitrary web script or HTML via the dest_id field.
Mantisbt Mantisbt
4.3
CVSSv2
CVE-2017-12061
An XSS issue exists in admin/install.php in MantisBT prior to 1.3.12 and 2.x prior to 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote malicious users to inject arbitrary JavaScript code, ...
Mantisbt Mantisbt
5
CVSSv2
CVE-2014-9388
bug_report.php in MantisBT prior to 1.2.18 allows remote malicious users to assign arbitrary issues via the handler_id parameter.
Mantisbt Mantisbt
3.5
CVSSv2
CVE-2014-9506
MantisBT prior to 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.
Mantisbt Mantisbt
4
CVSSv2
CVE-2020-28413
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.
Mantisbt Mantisbt 2.24.3
5
CVSSv2
CVE-2011-3755
MantisBT 1.2.4 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by view_all_inc.php and certain other files.
Mantisbt Mantisbt 1.2.4
2.1
CVSSv2
CVE-2010-2574
Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.
Mantisbt Mantisbt 1.2.2
2.1
CVSSv2
CVE-2013-1810
Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_print_by_category function or (2...
Mantisbt Mantisbt 1.2.12
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »