Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt mantisbt vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2022-26144
An XSS issue exists in MantisBT prior to 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed.
Mantisbt Mantisbt
4.3
CVSSv2
CVE-2021-33557
An XSS issue exists in manage_custom_field_edit_page.php in MantisBT prior to 2.25.2. Unescaped output of the return parameter allows an malicious user to inject code into a hidden input field.
Mantisbt Mantisbt
4.3
CVSSv2
CVE-2020-35571
An issue exists in MantisBT up to and including 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings.
Mantisbt Mantisbt
4.3
CVSSv2
CVE-2019-15539
The proj_doc_edit_page.php Project Documentation feature in MantisBT prior to 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed...
Mantisbt Mantisbt
4.3
CVSSv2
CVE-2020-8981
A cross-site scripting (XSS) vulnerability exists in the Source Integration plugin prior to 1.6.2 and 2.x prior to 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution of arbitrary code via a repo name (if CSP settings permit it). This is related to CVE...
Mantisbt Source Integration
4.3
CVSSv2
CVE-2009-2802
MantisBT 1.2.x prior to 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.
Mantisbt Mantisbt
4.3
CVSSv2
CVE-2013-1931
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote malicious users to inject arbitrary web script or HTML via a version, related to deleting a version.
Mantisbt Mantisbt 1.2.14
Fedoraproject Fedora 17
Fedoraproject Fedora 18
4.3
CVSSv2
CVE-2018-16362
An issue exists in the Source Integration plugin prior to 1.5.9 and 2.x prior to 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code (if CSP settings permit it) via repo_manage_page.p...
Mantisbt Source Integration
4.3
CVSSv2
CVE-2018-14504
An issue exists in manage_filter_edit_page.php in MantisBT 2.x up to and including 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'f...
Mantisbt Mantisbt
4.3
CVSSv2
CVE-2018-13055
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 up to and including 2.15.0 allows remote malicious users to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.
Mantisbt Mantisbt
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »