Vulnerabilities (CVE)

21 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-16514 1 Mantisbt 1 Mantisbt 2019-06-21 2.6
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings...
CVE-2018-6382 1 Mantisbt 1 Mantisbt 2019-03-04 2.1
** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because...
CVE-2018-17782 1 Mantisbt 1 Mantisbt 2018-12-07 3.5
A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a...
CVE-2018-17783 1 Mantisbt 1 Mantisbt 2018-12-07 3.5
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a...
CVE-2010-2574 1 Mantisbt 1 Mantisbt 2018-10-10 2.1
Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.
CVE-2015-5059 1 Mantisbt 1 Mantisbt 2017-08-07 3.5
The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects...
CVE-2017-7309 1 Mantisbt 1 Mantisbt 2017-07-12 3.5
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed...
CVE-2017-7241 1 Mantisbt 1 Mantisbt 2017-07-12 3.5
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection...
CVE-2017-6973 1 Mantisbt 1 Mantisbt 2017-07-12 3.5
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.
CVE-2016-7111 1 Mantisbt 1 Mantisbt 2017-02-22 2.6
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2014-9506 1 Mantisbt 1 Mantisbt 2017-01-03 3.5
MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.
CVE-2014-9269 2 Debian, Mantisbt 2 Debian Linux, Mantisbt 2017-01-03 2.6
Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.
CVE-2014-8986 1 Mantisbt 1 Mantisbt 2017-01-03 3.5
Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a...
CVE-2014-8987 1 Mantisbt 1 Mantisbt 2015-08-25 3.5
Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the...
CVE-2013-1810 1 Mantisbt 1 Mantisbt 2014-05-16 2.1
Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the...
CVE-2013-4460 1 Mantisbt 1 Mantisbt 2014-01-10 3.5
Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
CVE-2012-2692 1 Mantisbt 1 Mantisbt 2013-08-27 3.6
MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete...
CVE-2012-1122 1 Mantisbt 1 Mantisbt 2013-08-27 3.6
bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and...
CVE-2012-1120 1 Mantisbt 1 Mantisbt 2013-08-27 3.6
The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug...
CVE-2010-3303 1 Mantisbt 1 Mantisbt 2013-08-27 3.5
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value...