Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt mantisbt vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2018-6526
view_all_bug_page.php in MantisBT 2.10.0-development prior to 2018-02-02 allows remote malicious users to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.
Mantisbt Mantisbt
383
VMScore
CVE-2018-13055
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 up to and including 2.15.0 allows remote malicious users to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.
Mantisbt Mantisbt
356
VMScore
CVE-2020-29603
In manage_proj_edit_page.php in MantisBT prior to 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.
Mantisbt Mantisbt
356
VMScore
CVE-2020-29604
An issue exists in MantisBT prior to 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private ...
Mantisbt Mantisbt
356
VMScore
CVE-2020-29605
An issue exists in MantisBT prior to 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have P...
Mantisbt Mantisbt
383
VMScore
CVE-2017-6799
A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT prior to 2.2.1 allows remote malicious users to inject arbitrary JavaScript via the 'view_type' parameter.
Mantisbt Mantisbt
1 Github repository
356
VMScore
CVE-2020-25781
An issue exists in file_download.php in MantisBT prior to 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
Mantisbt Mantisbt
383
VMScore
CVE-2021-33557
An XSS issue exists in manage_custom_field_edit_page.php in MantisBT prior to 2.25.2. Unescaped output of the return parameter allows an malicious user to inject code into a hidden input field.
Mantisbt Mantisbt
312
VMScore
CVE-2015-5059
The "Project Documentation" feature in MantisBT 1.2.19 and previous versions, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id ...
Mantisbt Mantisbt
231
VMScore
CVE-2018-16514
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 up to and including 2.17.0 allows remote malicious users to inject arbitrary code (if CSP settings permit it) through a...
Mantisbt Mantisbt
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »