Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2014-9624
CAPTCHA bypass vulnerability in MantisBT prior to 1.2.19.
Mantisbt Mantisbt
655
VMScore
CVE-2017-7615
MantisBT up to and including 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
Mantisbt Mantisbt
1 EDB exploit
445
VMScore
CVE-2018-6526
view_all_bug_page.php in MantisBT 2.10.0-development prior to 2018-02-02 allows remote malicious users to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.
Mantisbt Mantisbt
645
VMScore
CVE-2014-8598
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote malicious users to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execu...
Mantisbt Mantisbt
1 EDB exploit
383
VMScore
CVE-2018-14504
An issue exists in manage_filter_edit_page.php in MantisBT 2.x up to and including 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'f...
Mantisbt Mantisbt
383
VMScore
CVE-2022-26144
An XSS issue exists in MantisBT prior to 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed.
Mantisbt Mantisbt
231
VMScore
CVE-2018-16514
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 up to and including 2.17.0 allows remote malicious users to inject arbitrary code (if CSP settings permit it) through a...
Mantisbt Mantisbt
312
VMScore
CVE-2018-17783
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 up to and including 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
Mantisbt Mantisbt
383
VMScore
CVE-2016-5364
Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the return parameter.
Mantisbt Mantisbt
445
VMScore
CVE-2014-9388
bug_report.php in MantisBT prior to 1.2.18 allows remote malicious users to assign arbitrary issues via the handler_id parameter.
Mantisbt Mantisbt
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27842
CVE-2024-30657
CVE-2024-4534
hardcoded
SSRF
CVE-2024-21683
CVE-2024-5364
file upload
CVE-2024-5371
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »