Mantisbt

Mantisbt

115 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2024-45792

  • EPSS 0.08%
  • Published 30.09.2024 15:15:05
  • Last modified 15.08.2025 14:09:44

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. This vulnerability is fixed in 2.26.4.

4.8

CVE-2024-34081

  • EPSS 0.23%
  • Published 14.05.2024 15:38:30
  • Last modified 16.01.2025 16:42:57

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (`bug...

5.3

CVE-2024-34080

  • EPSS 0.29%
  • Published 14.05.2024 15:38:29
  • Last modified 16.01.2025 16:44:40

MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, ...

7.3

CVE-2024-34077

Exploit
  • EPSS 0.25%
  • Published 14.05.2024 15:38:28
  • Last modified 16.01.2025 16:40:04

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete ...

8.3

CVE-2024-23830

Exploit
  • EPSS 1.33%
  • Published 20.02.2024 22:15:08
  • Last modified 18.12.2024 18:03:25

MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is av...

4.3

CVE-2023-44394

  • EPSS 0.28%
  • Published 16.10.2023 22:15:12
  • Last modified 11.08.2025 15:15:27

MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commi...

4.3

CVE-2023-22476

Exploit
  • EPSS 0.21%
  • Published 23.02.2023 19:15:13
  • Last modified 21.11.2024 07:44:52

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the _Summary_ field of private Issues (i.e. having ...

5.4

CVE-2022-33910

Exploit
  • EPSS 0.25%
  • Published 24.06.2022 17:15:08
  • Last modified 21.11.2024 07:08:35

An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead o...

6.1

CVE-2022-28508

Exploit
  • EPSS 1.45%
  • Published 04.05.2022 14:15:09
  • Last modified 21.11.2024 06:57:27

An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.

7.8

CVE-2021-43257

Exploit
  • EPSS 1.2%
  • Published 14.04.2022 20:15:09
  • Last modified 21.11.2024 06:28:56

Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel.