Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt mantisbt vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-0197
Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 prior to 1.2.13 allows remote malicious users to inject arbitrary web script or HTML via the match_type parameter to bugs/search.php.
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.13
6.1
CVSSv3
CVE-2017-7897
A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x prior to 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote malicious users to inject arbitrary code (if CSP settings permit it) through ...
Mantisbt Mantisbt 2.3.1
Mantisbt Mantisbt 2.3.0
5.4
CVSSv3
CVE-2013-1934
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 prior to 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt
Debian Debian Linux 7.0
6.1
CVSSv3
CVE-2018-13055
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 up to and including 2.15.0 allows remote malicious users to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.
Mantisbt Mantisbt
4.3
CVSSv3
CVE-2023-22476
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions before 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the _Summary_ field of private Issues (i.e. having Private view status, or belongin...
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2021-33557
An XSS issue exists in manage_custom_field_edit_page.php in MantisBT prior to 2.25.2. Unescaped output of the return parameter allows an malicious user to inject code into a hidden input field.
Mantisbt Mantisbt
4.3
CVSSv3
CVE-2020-29603
In manage_proj_edit_page.php in MantisBT prior to 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.
Mantisbt Mantisbt
NA
CVE-2014-9281
Cross-site scripting (XSS) vulnerability in admin/copy_field.php in MantisBT prior to 1.2.18 allows remote malicious users to inject arbitrary web script or HTML via the dest_id field.
Mantisbt Mantisbt
NA
CVE-2014-9506
MantisBT prior to 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.
Mantisbt Mantisbt
7.5
CVSSv3
CVE-2014-9624
CAPTCHA bypass vulnerability in MantisBT prior to 1.2.19.
Mantisbt Mantisbt
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »