Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2014-9117
MantisBT prior to 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote malicious users to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for...
Mantisbt Mantisbt
668
VMScore
CVE-2014-9280
The current_user_get_bug_filter function in core/current_user_api.php in MantisBT prior to 1.2.18 allows remote malicious users to execute arbitrary PHP code via the filter parameter.
Mantisbt Mantisbt
383
VMScore
CVE-2014-9281
Cross-site scripting (XSS) vulnerability in admin/copy_field.php in MantisBT prior to 1.2.18 allows remote malicious users to inject arbitrary web script or HTML via the dest_id field.
Mantisbt Mantisbt
655
VMScore
CVE-2017-7615
MantisBT up to and including 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
Mantisbt Mantisbt
1 EDB exploit
578
VMScore
CVE-2019-15715
MantisBT prior to 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
Mantisbt Mantisbt
356
VMScore
CVE-2020-25781
An issue exists in file_download.php in MantisBT prior to 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
Mantisbt Mantisbt
312
VMScore
CVE-2020-25830
An issue exists in MantisBT prior to 2.24.3. Improper escaping of a custom field's name allows an malicious user to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php.
Mantisbt Mantisbt
312
VMScore
CVE-2018-17783
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 up to and including 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
Mantisbt Mantisbt
383
VMScore
CVE-2016-5364
Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the return parameter.
Mantisbt Mantisbt
356
VMScore
CVE-2020-29605
An issue exists in MantisBT prior to 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have P...
Mantisbt Mantisbt
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »