Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantis vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2013-1811
An access control issue in MantisBT prior to 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
Mantisbt Mantisbt
Debian Debian Linux 6.0
Debian Debian Linux 7.0
NA
CVE-2011-3358
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT prior to 1.2.8 allow remote malicious users to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to us...
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 0.19.4
NA
CVE-2014-8553
The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT prior to 1.2.18 allows remote malicious users to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request.
Mantisbt Mantisbt
NA
CVE-2012-1118
The access_has_bug_level function in core/access_api.php in MantisBT prior to 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote malicious users to bypass intended restrictions and perform certain operations on priv...
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.0a1
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.4
NA
CVE-2012-1122
bug_actiongroup.php in MantisBT prior to 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to b...
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 0.19.0a1
Mantisbt Mantisbt 0.19.0a2
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.6
NA
CVE-2014-8554
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT prior to 1.2.18 allows remote malicious users to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete...
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 1.2.0a1
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.0.9
NA
CVE-2014-8986
Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 up to and including 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted config option, a ...
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.13
NA
CVE-2014-9117
MantisBT prior to 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote malicious users to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for...
Mantisbt Mantisbt
NA
CVE-2014-9270
Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 up to and including 1.2.17 allows remote malicious users to inject arbitrary web script or HTML via the "profile/Platform" field.
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.0.1
NA
CVE-2014-9272
The string_insert_href function in MantisBT 1.2.0a1 up to and including 1.2.x prior to 1.2.18 does not properly validate the URL protocol, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.
Debian Debian Linux 7.0
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »