Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt mantisbt 1.1.1 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2008-3102
Mantis 1.1.x up to and including 1.1.2 and 1.2.x up to and including 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote malicious users to capture this cookie.
Mantisbt Mantisbt 1.2.0a1
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.2
4.9
CVSSv2
CVE-2012-1121
MantisBT prior to 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories.
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
4.3
CVSSv2
CVE-2014-9272
The string_insert_href function in MantisBT 1.2.0a1 up to and including 1.2.x prior to 1.2.18 does not properly validate the URL protocol, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.
Debian Debian Linux 7.0
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
4.3
CVSSv2
CVE-2014-9271
Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT prior to 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.
Debian Debian Linux 7.0
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
4.3
CVSSv2
CVE-2014-9270
Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 up to and including 1.2.17 allows remote malicious users to inject arbitrary web script or HTML via the "profile/Platform" field.
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.0.1
4.3
CVSSv2
CVE-2012-1118
The access_has_bug_level function in core/access_api.php in MantisBT prior to 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote malicious users to bypass intended restrictions and perform certain operations on priv...
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.0a1
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.4
4.3
CVSSv2
CVE-2011-3356
Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT prior to 1.2.8 allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config...
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.1.0
4.3
CVSSv2
CVE-2011-3578
Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT prior to 1.2.8 allows remote malicious users to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.8
4.3
CVSSv2
CVE-2011-2938
Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT prior to 1.2.7 allow remote malicious users to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php.
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.0
1 EDB exploit
4.3
CVSSv2
CVE-2011-3358
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT prior to 1.2.8 allow remote malicious users to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to us...
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 0.19.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »