Mantisbt

Mantisbt

119 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2015-5059

  • EPSS 0.63%
  • Veröffentlicht 01.08.2017 14:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via ...

6.5

CVE-2017-7620

Exploit
  • EPSS 0.33%
  • Veröffentlicht 21.05.2017 14:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which ...

6.1

CVE-2017-7897

Exploit
  • EPSS 0.25%
  • Veröffentlicht 18.04.2017 17:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settin...

8.8

CVE-2017-7615

Exploit
  • EPSS 93.17%
  • Veröffentlicht 16.04.2017 14:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.

4.8

CVE-2017-6973

Exploit
  • EPSS 0.62%
  • Veröffentlicht 31.03.2017 04:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.

4.8

CVE-2017-7241

Exploit
  • EPSS 0.8%
  • Veröffentlicht 31.03.2017 04:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP...

4.8

CVE-2017-7309

Exploit
  • EPSS 2.48%
  • Veröffentlicht 31.03.2017 04:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1....

6.1

CVE-2017-7222

  • EPSS 0.27%
  • Veröffentlicht 22.03.2017 05:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires priv...

6.1

CVE-2017-6799

Exploit
  • EPSS 0.72%
  • Veröffentlicht 10.03.2017 10:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter.

6.1

CVE-2017-6797

Exploit
  • EPSS 0.83%
  • Veröffentlicht 10.03.2017 00:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter.