Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt mantisbt 1.2.18 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2014-9117
MantisBT prior to 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote malicious users to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for...
Mantisbt Mantisbt
5
CVSSv2
CVE-2014-6387
gpc_api.php in MantisBT 1.2.17 and previous versions allows remote malicious users to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind.
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.14
4.3
CVSSv2
CVE-2015-2046
Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later prior to 1.2.20.
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.19
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.14
4.3
CVSSv2
CVE-2014-9271
Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT prior to 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.
Debian Debian Linux 7.0
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.7
4.3
CVSSv2
CVE-2014-9272
The string_insert_href function in MantisBT 1.2.0a1 up to and including 1.2.x prior to 1.2.18 does not properly validate the URL protocol, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.
Debian Debian Linux 7.0
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.7
4.3
CVSSv2
CVE-2014-9281
Cross-site scripting (XSS) vulnerability in admin/copy_field.php in MantisBT prior to 1.2.18 allows remote malicious users to inject arbitrary web script or HTML via the dest_id field.
Mantisbt Mantisbt
4.3
CVSSv2
CVE-2014-9270
Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 up to and including 1.2.17 allows remote malicious users to inject arbitrary web script or HTML via the "profile/Platform" field.
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.0.9
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.1.7
4
CVSSv2
CVE-2013-1811
An access control issue in MantisBT prior to 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
Mantisbt Mantisbt
Debian Debian Linux 7.0
Debian Debian Linux 6.0
4
CVSSv2
CVE-2014-8988
MantisBT prior to 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a...
Mantisbt Mantisbt 1.2.17
3.5
CVSSv2
CVE-2013-1934
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 prior to 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt
Debian Debian Linux 7.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »