Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2014-9280
The current_user_get_bug_filter function in core/current_user_api.php in MantisBT prior to 1.2.18 allows remote malicious users to execute arbitrary PHP code via the filter parameter.
Mantisbt Mantisbt
5.5
CVSSv2
CVE-2009-20001
An issue exists in MantisBT prior to 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as...
Mantisbt Mantisbt
4.3
CVSSv2
CVE-2022-28508
An XSS issue exists in browser_search_plugin.php in MantisBT prior to 2.25.2. Unescaped output of the return parameter allows an malicious user to inject code into a hidden input field.
Mantisbt Mantisbt
5.8
CVSSv2
CVE-2014-6316
core/string_api.php in MantisBT prior to 1.2.18 does not properly categorize URLs when running under the web root, which allows remote malicious users to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php.
Mantisbt Mantisbt
6.5
CVSSv2
CVE-2017-7615
MantisBT up to and including 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
Mantisbt Mantisbt
1 EDB exploit
4.3
CVSSv2
CVE-2017-6797
A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT prior to 1.3.7 and 2.x prior to 2.2.1 allows remote malicious users to inject arbitrary JavaScript via the 'action_type' parameter.
Mantisbt Mantisbt
4.3
CVSSv2
CVE-2017-6799
A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT prior to 2.2.1 allows remote malicious users to inject arbitrary JavaScript via the 'view_type' parameter.
Mantisbt Mantisbt
1 Github repository
4.3
CVSSv2
CVE-2022-26144
An XSS issue exists in MantisBT prior to 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed.
Mantisbt Mantisbt
4.3
CVSSv2
CVE-2020-35571
An issue exists in MantisBT up to and including 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings.
Mantisbt Mantisbt
5
CVSSv2
CVE-2014-8553
The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT prior to 1.2.18 allows remote malicious users to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request.
Mantisbt Mantisbt
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »