Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-34077
MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an malicious user to reset another user's password and takeover their account, if the victim has an incomplete request pending. Th...
NA
CVE-2024-34080
MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information rema...
NA
CVE-2024-34081
MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an malicious user to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (`bug_change_status_page....
NA
CVE-2024-23830
MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2...
1 Github repository
NA
CVE-2023-49802
The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked ...
Mantisbt Linked Custom Fields
NA
CVE-2023-44394
MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has b...
Mantisbt Mantisbt
NA
CVE-2023-22476
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions before 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the _Summary_ field of private Issues (i.e. having Private view status, or belongin...
Mantisbt Mantisbt
3.5
CVSSv2
CVE-2022-33910
An XSS vulnerability in MantisBT prior to 2.25.5 allows remote malicious users to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a ...
Mantisbt Mantisbt
1 Github repository
4.3
CVSSv2
CVE-2022-28508
An XSS issue exists in browser_search_plugin.php in MantisBT prior to 2.25.2. Unescaped output of the return parameter allows an malicious user to inject code into a hidden input field.
Mantisbt Mantisbt
6
CVSSv2
CVE-2021-43257
Lack of Neutralization of Formula Elements in the CSV API of MantisBT prior to 2.25.3 allows an unprivileged malicious user to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel.
Mantisbt Mantisbt
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »