Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2020-25781
An issue exists in file_download.php in MantisBT prior to 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
Mantisbt Mantisbt
4.8
CVSSv3
CVE-2020-25830
An issue exists in MantisBT prior to 2.24.3. Improper escaping of a custom field's name allows an malicious user to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php.
Mantisbt Mantisbt
NA
CVE-2014-9117
MantisBT prior to 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote malicious users to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for...
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2020-35571
An issue exists in MantisBT up to and including 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings.
Mantisbt Mantisbt
4.7
CVSSv3
CVE-2018-16514
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 up to and including 2.17.0 allows remote malicious users to inject arbitrary code (if CSP settings permit it) through a...
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2018-14504
An issue exists in manage_filter_edit_page.php in MantisBT 2.x up to and including 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'f...
Mantisbt Mantisbt
5.3
CVSSv3
CVE-2014-9759
Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x prior to 1.3.0 allows remote malicious users to obtain sensitive master salt configuration information via a SOAP API request.
Mantisbt Mantisbt 1.3.0
3.3
CVSSv3
CVE-2018-6382
MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL ...
Mantisbt Mantisbt 2.10.0
NA
CVE-2013-1810
Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_print_by_category function or (2...
Mantisbt Mantisbt 1.2.12
NA
CVE-2010-2574
Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.
Mantisbt Mantisbt 1.2.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »