Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-0197
Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 prior to 1.2.13 allows remote malicious users to inject arbitrary web script or HTML via the match_type parameter to bugs/search.php.
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.13
6.1
CVSSv3
CVE-2017-7897
A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x prior to 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote malicious users to inject arbitrary code (if CSP settings permit it) through ...
Mantisbt Mantisbt 2.3.1
Mantisbt Mantisbt 2.3.0
5.4
CVSSv3
CVE-2013-1934
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 prior to 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt
Debian Debian Linux 7.0
6.1
CVSSv3
CVE-2019-15539
The proj_doc_edit_page.php Project Documentation feature in MantisBT prior to 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed...
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2017-7222
A cross-site scripting (XSS) vulnerability in MantisBT prior to 2.1.1 allows remote malicious users to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged ...
Mantisbt Mantisbt
7.5
CVSSv3
CVE-2014-9624
CAPTCHA bypass vulnerability in MantisBT prior to 1.2.19.
Mantisbt Mantisbt
NA
CVE-2014-8553
The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT prior to 1.2.18 allows remote malicious users to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request.
Mantisbt Mantisbt
5.4
CVSSv3
CVE-2018-17782
A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 up to and including 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
Mantisbt Mantisbt
5.4
CVSSv3
CVE-2018-17783
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 up to and including 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2017-6799
A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT prior to 2.2.1 allows remote malicious users to inject arbitrary JavaScript via the 'view_type' parameter.
Mantisbt Mantisbt
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »