Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt mantisbt 1.2.19 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2014-9624
CAPTCHA bypass vulnerability in MantisBT prior to 1.2.19.
Mantisbt Mantisbt
6.5
CVSSv3
CVE-2014-9701
Cross-site scripting (XSS) vulnerability in MantisBT prior to 1.2.19 and 1.3.x prior to 1.3.0-beta.2 allows remote malicious users to inject arbitrary web script or HTML via the url parameter to permalink_page.php.
Mantisbt Mantisbt 1.3.0
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2015-2046
Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later prior to 1.2.20.
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.19
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.16
6.1
CVSSv3
CVE-2016-5364
Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the return parameter.
Mantisbt Mantisbt
6.1
CVSSv3
CVE-2016-6837
Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions prior to 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote malicious users to inject arbitrary web script or HTML via the 'view_type' parameter.
Mantisbt Mantisbt 2.0.0
Mantisbt Mantisbt 1.3.0
Mantisbt Mantisbt
5.3
CVSSv3
CVE-2015-5059
The "Project Documentation" feature in MantisBT 1.2.19 and previous versions, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id ...
Mantisbt Mantisbt
4.8
CVSSv3
CVE-2017-7241
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote malicious users to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings all...
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.19
Mantisbt Mantisbt 1.2.20
Mantisbt Mantisbt 2.0.1
Mantisbt Mantisbt 2.1.0
Mantisbt Mantisbt 2.0.0
Mantisbt Mantisbt 1.3.7
Mantisbt Mantisbt 1.3.8
Mantisbt Mantisbt 2.2.1
Mantisbt Mantisbt 2.1.3
Mantisbt Mantisbt 1.3.5
Mantisbt Mantisbt 1.3.6
Mantisbt Mantisbt 2.2.2
Mantisbt Mantisbt 2.2.3
Mantisbt Mantisbt 1.3.0
Mantisbt Mantisbt 2.1.1
Mantisbt Mantisbt 2.1.2
Mantisbt Mantisbt 1.3.1
Mantisbt Mantisbt 1.3.2
Mantisbt Mantisbt 1.3.9
Mantisbt Mantisbt 2.3.0
NA
CVE-2015-1042
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 up to and including 1.2.18 uses an incorrect regular expression, which allows remote malicious users to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator i...
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.6
NA
CVE-2014-9572
MantisBT prior to 1.2.19 and 1.3.x prior to 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote malicious users to obtain database credentials via the install parameter with the value 4.
Mantisbt Mantisbt 1.3.0
Mantisbt Mantisbt
NA
CVE-2014-9571
Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT prior to 1.2.19 and 1.3.x prior to 1.3.0-beta.2 allows remote malicious users to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter.
Mantisbt Mantisbt 1.3.0
Mantisbt Mantisbt
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »