Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2016-5364
Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the return parameter.
Mantisbt Mantisbt
NA
CVE-2014-9388
bug_report.php in MantisBT prior to 1.2.18 allows remote malicious users to assign arbitrary issues via the handler_id parameter.
Mantisbt Mantisbt
NA
CVE-2014-9117
MantisBT prior to 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote malicious users to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for...
Mantisbt Mantisbt
NA
CVE-2014-9280
The current_user_get_bug_filter function in core/current_user_api.php in MantisBT prior to 1.2.18 allows remote malicious users to execute arbitrary PHP code via the filter parameter.
Mantisbt Mantisbt
8.8
CVSSv3
CVE-2017-7615
MantisBT up to and including 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
Mantisbt Mantisbt
1 EDB exploit
9.6
CVSSv3
CVE-2019-15074
The Timeline feature in my_view_page.php in MantisBT up to and including 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for ...
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2022-28508
An XSS issue exists in browser_search_plugin.php in MantisBT prior to 2.25.2. Unescaped output of the return parameter allows an malicious user to inject code into a hidden input field.
Mantisbt Mantisbt
4.7
CVSSv3
CVE-2018-16514
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 up to and including 2.17.0 allows remote malicious users to inject arbitrary code (if CSP settings permit it) through a...
Mantisbt Mantisbt
5.4
CVSSv3
CVE-2020-16266
An XSS issue exists in MantisBT prior to 2.24.2. Improper escaping on view_all_bug_page.php allows a remote malicious user to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently view...
Mantisbt Mantisbt
4.3
CVSSv3
CVE-2023-22476
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions before 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the _Summary_ field of private Issues (i.e. having Private view status, or belongin...
Mantisbt Mantisbt
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »