Mantisbt

115 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

Exploit
  • EPSS 24.16%
  • Published 09.10.2019 20:15:23
  • Last modified 21.11.2024 04:29:18

MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.

Exploit
  • EPSS 0.89%
  • Published 21.08.2019 19:15:13
  • Last modified 21.11.2024 04:28:00

The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The cod...

Exploit
  • EPSS 0.25%
  • Published 20.06.2019 14:15:10
  • Last modified 21.11.2024 03:52:53

A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit i...

Exploit
  • EPSS 0.23%
  • Published 06.06.2019 19:29:00
  • Last modified 21.11.2024 04:15:46

An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, ...

  • EPSS 0.18%
  • Published 30.10.2018 18:29:00
  • Last modified 21.11.2024 03:54:57

A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafte...

  • EPSS 0.18%
  • Published 30.10.2018 18:29:00
  • Last modified 21.11.2024 03:54:58

A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a craf...

  • EPSS 0.35%
  • Published 03.08.2018 18:29:00
  • Last modified 21.11.2024 03:46:19

A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.

Exploit
  • EPSS 0.48%
  • Published 03.08.2018 18:29:00
  • Last modified 21.11.2024 03:49:12

An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a c...

  • EPSS 0.24%
  • Published 02.02.2018 09:29:00
  • Last modified 21.11.2024 04:10:50

view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.

  • EPSS 0.09%
  • Published 30.01.2018 06:29:00
  • Last modified 21.11.2024 04:10:36

MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is inte...