Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-7222
A cross-site scripting (XSS) vulnerability in MantisBT prior to 2.1.1 allows remote malicious users to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged ...
Mantisbt Mantisbt
7.2
CVSSv3
CVE-2019-15715
MantisBT prior to 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
Mantisbt Mantisbt
4.8
CVSSv3
CVE-2020-25830
An issue exists in MantisBT prior to 2.24.3. Improper escaping of a custom field's name allows an malicious user to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php.
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2020-35571
An issue exists in MantisBT up to and including 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings.
Mantisbt Mantisbt
5.4
CVSSv3
CVE-2018-17782
A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 up to and including 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
Mantisbt Mantisbt
NA
CVE-2014-6316
core/string_api.php in MantisBT prior to 1.2.18 does not properly categorize URLs when running under the web root, which allows remote malicious users to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php.
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2018-14504
An issue exists in manage_filter_edit_page.php in MantisBT 2.x up to and including 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'f...
Mantisbt Mantisbt
8.1
CVSSv3
CVE-2009-20001
An issue exists in MantisBT prior to 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as...
Mantisbt Mantisbt
7.5
CVSSv3
CVE-2020-35849
An issue exists in MantisBT prior to 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged malicious user to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bu...
Mantisbt Mantisbt
4.3
CVSSv3
CVE-2020-29603
In manage_proj_edit_page.php in MantisBT prior to 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.
Mantisbt Mantisbt
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »