Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2016-5364
Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the return parameter.
Mantisbt Mantisbt
4.3
CVSSv3
CVE-2023-22476
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions before 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the _Summary_ field of private Issues (i.e. having Private view status, or belongin...
Mantisbt Mantisbt
NA
CVE-2014-8553
The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT prior to 1.2.18 allows remote malicious users to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request.
Mantisbt Mantisbt
NA
CVE-2014-8598
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote malicious users to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execu...
Mantisbt Mantisbt
1 EDB exploit
4.3
CVSSv3
CVE-2023-44394
MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has b...
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2017-6797
A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT prior to 1.3.7 and 2.x prior to 2.2.1 allows remote malicious users to inject arbitrary JavaScript via the 'action_type' parameter.
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2017-6799
A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT prior to 2.2.1 allows remote malicious users to inject arbitrary JavaScript via the 'view_type' parameter.
Mantisbt Mantisbt
1 Github repository
6.1
CVSSv3
CVE-2017-7222
A cross-site scripting (XSS) vulnerability in MantisBT prior to 2.1.1 allows remote malicious users to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged ...
Mantisbt Mantisbt
NA
CVE-2014-6316
core/string_api.php in MantisBT prior to 1.2.18 does not properly categorize URLs when running under the web root, which allows remote malicious users to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php.
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2020-35571
An issue exists in MantisBT up to and including 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings.
Mantisbt Mantisbt
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
CVE-2023-52162
CVE-2024-23670
CVE-2024-5404
man-in-the-middle
CVE-2024-5214
CVE-2024-4358
CVE-2024-20696
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »