Vulmon
mantisbt vulnerabilities and exploits
5
CVSSv2
CVE-2008-3102
Mantis 1.1.x up to and including 1.1.2 and 1.2.x up to and including 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote malicious users to capture this cookie.
Mantisbt Mantisbt 1.2.0a1
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.2
6.5
CVSSv2
CVE-2014-2238
SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 up to and including 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter.
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.15
4.3
CVSSv2
CVE-2016-6837
Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions prior to 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote malicious users to inject arbitrary web script or HTML via the 'view_type' parameter.
Mantisbt Mantisbt 2.0.0
Mantisbt Mantisbt 1.3.0
Mantisbt Mantisbt
5
CVSSv2
CVE-2013-1883
Mantis Bug Tracker (aka MantisBT) 1.2.12 prior to 1.2.15 allows remote malicious users to cause a denial of service (resource consumption) via a filter using a criteria, text search, and the "any condition" match type.
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.13
4
CVSSv2
CVE-2018-9839
An issue exists in MantisBT up to and including 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to re...
Mantisbt Mantisbt 2.0.0
Mantisbt Mantisbt
7.5
CVSSv2
CVE-2014-9572
MantisBT prior to 1.2.19 and 1.3.x prior to 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote malicious users to obtain database credentials via the install parameter with the value 4.
Mantisbt Mantisbt 1.3.0
Mantisbt Mantisbt
6
CVSSv2
CVE-2014-9573
SQL injection vulnerability in manage_user_page.php in MantisBT prior to 1.2.19 and 1.3.x prior to 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.
Mantisbt Mantisbt
Mantisbt Mantisbt 1.3.0
4.3
CVSSv2
CVE-2014-9571
Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT prior to 1.2.19 and 1.3.x prior to 1.3.0-beta.2 allows remote malicious users to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter.
Mantisbt Mantisbt 1.3.0
Mantisbt Mantisbt
2.6
CVSSv2
CVE-2016-7111
MantisBT prior to 1.3.1 and 2.x prior to 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via unspecified vectors.
Mantisbt Mantisbt
Mantisbt Mantisbt 2.0.0
4.3
CVSSv2
CVE-2014-9701
Cross-site scripting (XSS) vulnerability in MantisBT prior to 1.2.19 and 1.3.x prior to 1.3.0-beta.2 allows remote malicious users to inject arbitrary web script or HTML via the url parameter to permalink_page.php.
Mantisbt Mantisbt 1.3.0
Mantisbt Mantisbt