Mantisbt

Mantisbt

119 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2013-1930

  • EPSS 0.7%
  • Veröffentlicht 31.10.2019 20:15:10
  • Zuletzt bearbeitet 21.11.2024 01:50:41

MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.

6.1

CVE-2013-1931

  • EPSS 1.43%
  • Veröffentlicht 31.10.2019 20:15:10
  • Zuletzt bearbeitet 21.11.2024 01:50:42

A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.

5.4

CVE-2013-1932

  • EPSS 0.69%
  • Veröffentlicht 31.10.2019 20:15:10
  • Zuletzt bearbeitet 21.11.2024 01:50:42

A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.

5.4

CVE-2013-1934

  • EPSS 0.35%
  • Veröffentlicht 31.10.2019 20:15:10
  • Zuletzt bearbeitet 21.11.2024 01:50:42

A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.

7.2

CVE-2019-15715

Exploit
  • EPSS 24.16%
  • Veröffentlicht 09.10.2019 20:15:23
  • Zuletzt bearbeitet 21.11.2024 04:29:18

MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.

9.6

CVE-2019-15074

Exploit
  • EPSS 0.75%
  • Veröffentlicht 21.08.2019 19:15:13
  • Zuletzt bearbeitet 21.11.2024 04:28:00

The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The cod...

4.7

CVE-2018-16514

Exploit
  • EPSS 0.25%
  • Veröffentlicht 20.06.2019 14:15:10
  • Zuletzt bearbeitet 21.11.2024 03:52:53

A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit i...

6.5

CVE-2018-9839

Exploit
  • EPSS 0.23%
  • Veröffentlicht 06.06.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:15:46

An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, ...

5.4

CVE-2018-17782

  • EPSS 0.18%
  • Veröffentlicht 30.10.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:54:57

A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafte...

5.4

CVE-2018-17783

  • EPSS 0.18%
  • Veröffentlicht 30.10.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:54:58

A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a craf...