Mantisbt

Mantisbt

115 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2020-25781

Exploit
  • EPSS 0.26%
  • Published 30.09.2020 21:15:13
  • Last modified 21.11.2024 05:18:45

An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL ...

4.8

CVE-2020-25830

Exploit
  • EPSS 0.6%
  • Published 30.09.2020 21:15:13
  • Last modified 21.11.2024 05:18:51

An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug...

5.4

CVE-2020-16266

Exploit
  • EPSS 0.27%
  • Published 12.08.2020 13:15:10
  • Last modified 21.11.2024 05:07:03

An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser...

6.1

CVE-2019-15539

  • EPSS 0.52%
  • Published 19.03.2020 19:15:11
  • Last modified 21.11.2024 04:28:57

The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted fi...

6.1

CVE-2009-2802

  • EPSS 0.45%
  • Published 09.11.2019 03:15:10
  • Last modified 21.11.2024 01:05:46

MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.

4.3

CVE-2013-1811

  • EPSS 0.33%
  • Published 07.11.2019 23:15:10
  • Last modified 21.11.2024 01:50:26

An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".

4.3

CVE-2013-1930

  • EPSS 0.7%
  • Published 31.10.2019 20:15:10
  • Last modified 21.11.2024 01:50:41

MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.

6.1

CVE-2013-1931

  • EPSS 1.43%
  • Published 31.10.2019 20:15:10
  • Last modified 21.11.2024 01:50:42

A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.

5.4

CVE-2013-1932

  • EPSS 0.69%
  • Published 31.10.2019 20:15:10
  • Last modified 21.11.2024 01:50:42

A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.

5.4

CVE-2013-1934

  • EPSS 0.35%
  • Published 31.10.2019 20:15:10
  • Last modified 21.11.2024 01:50:42

A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.