Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt mantisbt vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2014-9117
MantisBT prior to 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote malicious users to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for...
Mantisbt Mantisbt
668
VMScore
CVE-2014-9280
The current_user_get_bug_filter function in core/current_user_api.php in MantisBT prior to 1.2.18 allows remote malicious users to execute arbitrary PHP code via the filter parameter.
Mantisbt Mantisbt
445
VMScore
CVE-2014-9388
bug_report.php in MantisBT prior to 1.2.18 allows remote malicious users to assign arbitrary issues via the handler_id parameter.
Mantisbt Mantisbt
383
VMScore
CVE-2017-12061
An XSS issue exists in admin/install.php in MantisBT prior to 1.3.12 and 2.x prior to 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote malicious users to inject arbitrary JavaScript code, ...
Mantisbt Mantisbt
312
VMScore
CVE-2020-16266
An XSS issue exists in MantisBT prior to 2.24.2. Improper escaping on view_all_bug_page.php allows a remote malicious user to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently view...
Mantisbt Mantisbt
356
VMScore
CVE-2020-29603
In manage_proj_edit_page.php in MantisBT prior to 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.
Mantisbt Mantisbt
312
VMScore
CVE-2013-1932
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
Mantisbt Mantisbt 1.2.13
356
VMScore
CVE-2014-8988
MantisBT prior to 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a...
Mantisbt Mantisbt 1.2.17
356
VMScore
CVE-2017-12419
If, after successful installation of MantisBT up to and including 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL c...
Mantisbt Mantisbt 2.5.2
187
VMScore
CVE-2013-1810
Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_print_by_category function or (2...
Mantisbt Mantisbt 1.2.12
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »