Vulnerabilities (CVE)

Vendor filter

Mantisbt Subscribe

Product filter

Mantisbt Subscribe

Filter

85 total CVE
CVE Vendors Products Updated CVSS
CVE-2010-4348 1 Mantisbt 1 Mantisbt 2013-08-27 4.3
Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the...
CVE-2010-3763 1 Mantisbt 1 Mantisbt 2013-08-27 4.3
Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than CVE-2010-3303.
CVE-2010-3303 1 Mantisbt 1 Mantisbt 2013-08-27 3.5
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value...
CVE-2012-5522 1 Mantisbt 1 Mantisbt 2013-08-22 5.5
MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by...
CVE-2010-2802 1 Mantisbt 1 Mantisbt 2011-01-04 3.5
Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments.