Mantisbt

Mantisbt

119 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2018-13055

  • EPSS 0.35%
  • Veröffentlicht 03.08.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:46:19

A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.

6.1

CVE-2018-14504

Exploit
  • EPSS 0.48%
  • Veröffentlicht 03.08.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:12

An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a c...

5.3

CVE-2018-6526

  • EPSS 0.24%
  • Veröffentlicht 02.02.2018 09:29:00
  • Zuletzt bearbeitet 21.11.2024 04:10:50

view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.

3.3

CVE-2018-6382

  • EPSS 0.09%
  • Veröffentlicht 30.01.2018 06:29:00
  • Zuletzt bearbeitet 21.11.2024 04:10:36

MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is inte...

7.5

CVE-2014-9624

  • EPSS 0.56%
  • Veröffentlicht 12.09.2017 14:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

CAPTCHA bypass vulnerability in MantisBT before 1.2.19.

6.1

CVE-2015-2046

  • EPSS 0.37%
  • Veröffentlicht 28.08.2017 15:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20.

6.5

CVE-2014-9701

  • EPSS 0.9%
  • Veröffentlicht 09.08.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to permalink_page.php.

4.9

CVE-2017-12419

  • EPSS 1.08%
  • Veröffentlicht 05.08.2017 15:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL cli...

6.1

CVE-2017-12061

  • EPSS 1.03%
  • Veröffentlicht 01.08.2017 15:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject...

6.1

CVE-2017-12062

Exploit
  • EPSS 0.74%
  • Veröffentlicht 01.08.2017 15:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.