Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-7897
A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x prior to 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote malicious users to inject arbitrary code (if CSP settings permit it) through ...
Mantisbt Mantisbt 2.3.1
Mantisbt Mantisbt 2.3.0
NA
CVE-2013-0197
Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 prior to 1.2.13 allows remote malicious users to inject arbitrary web script or HTML via the match_type parameter to bugs/search.php.
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.13
5.4
CVSSv3
CVE-2013-1934
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 prior to 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt
Debian Debian Linux 7.0
6.1
CVSSv3
CVE-2017-7222
A cross-site scripting (XSS) vulnerability in MantisBT prior to 2.1.1 allows remote malicious users to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged ...
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2021-33557
An XSS issue exists in manage_custom_field_edit_page.php in MantisBT prior to 2.25.2. Unescaped output of the return parameter allows an malicious user to inject code into a hidden input field.
Mantisbt Mantisbt
9.6
CVSSv3
CVE-2019-15074
The Timeline feature in my_view_page.php in MantisBT up to and including 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for ...
Mantisbt Mantisbt
7.5
CVSSv3
CVE-2020-35849
An issue exists in MantisBT prior to 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged malicious user to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bu...
Mantisbt Mantisbt
5.3
CVSSv3
CVE-2018-6526
view_all_bug_page.php in MantisBT 2.10.0-development prior to 2018-02-02 allows remote malicious users to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.
Mantisbt Mantisbt
7.8
CVSSv3
CVE-2021-43257
Lack of Neutralization of Formula Elements in the CSV API of MantisBT prior to 2.25.3 allows an unprivileged malicious user to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel.
Mantisbt Mantisbt
7.2
CVSSv3
CVE-2019-15715
MantisBT prior to 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
Mantisbt Mantisbt
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »