Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt mantisbt vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2014-9624
CAPTCHA bypass vulnerability in MantisBT prior to 1.2.19.
Mantisbt Mantisbt
383
VMScore
CVE-2017-12061
An XSS issue exists in admin/install.php in MantisBT prior to 1.3.12 and 2.x prior to 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote malicious users to inject arbitrary JavaScript code, ...
Mantisbt Mantisbt
312
VMScore
CVE-2018-17782
A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 up to and including 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
Mantisbt Mantisbt
445
VMScore
CVE-2014-8553
The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT prior to 1.2.18 allows remote malicious users to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request.
Mantisbt Mantisbt
645
VMScore
CVE-2014-8598
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote malicious users to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execu...
Mantisbt Mantisbt
1 EDB exploit
383
VMScore
CVE-2021-33557
An XSS issue exists in manage_custom_field_edit_page.php in MantisBT prior to 2.25.2. Unescaped output of the return parameter allows an malicious user to inject code into a hidden input field.
Mantisbt Mantisbt
357
VMScore
CVE-2020-28413
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.
Mantisbt Mantisbt 2.24.3
445
VMScore
CVE-2011-3755
MantisBT 1.2.4 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by view_all_inc.php and certain other files.
Mantisbt Mantisbt 1.2.4
760
VMScore
CVE-2014-7146
The XmlImportExport plugin in MantisBT 1.2.17 and previous versions allows remote malicious users to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function wi...
Mantisbt Mantisbt 1.2.17
2 EDB exploits
356
VMScore
CVE-2017-12419
If, after successful installation of MantisBT up to and including 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL c...
Mantisbt Mantisbt 2.5.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »