Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt mantisbt vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-22476
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions before 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the _Summary_ field of private Issues (i.e. having Private view status, or belongin...
Mantisbt Mantisbt
4.3
CVSSv3
CVE-2020-25781
An issue exists in file_download.php in MantisBT prior to 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2019-15539
The proj_doc_edit_page.php Project Documentation feature in MantisBT prior to 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed...
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2018-13055
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 up to and including 2.15.0 allows remote malicious users to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.
Mantisbt Mantisbt
5.3
CVSSv3
CVE-2015-5059
The "Project Documentation" feature in MantisBT 1.2.19 and previous versions, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id ...
Mantisbt Mantisbt
NA
CVE-2014-9281
Cross-site scripting (XSS) vulnerability in admin/copy_field.php in MantisBT prior to 1.2.18 allows remote malicious users to inject arbitrary web script or HTML via the dest_id field.
Mantisbt Mantisbt
5.3
CVSSv3
CVE-2018-6526
view_all_bug_page.php in MantisBT 2.10.0-development prior to 2018-02-02 allows remote malicious users to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.
Mantisbt Mantisbt
5.4
CVSSv3
CVE-2018-17783
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 up to and including 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
Mantisbt Mantisbt
NA
CVE-2014-9117
MantisBT prior to 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote malicious users to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for...
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2017-12061
An XSS issue exists in admin/install.php in MantisBT prior to 1.3.12 and 2.x prior to 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote malicious users to inject arbitrary JavaScript code, ...
Mantisbt Mantisbt
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »