Mantisbt ≫ Mantisbt

115 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

4.8

CVE-2017-6973

Exploit

EPSS 0.62%
Veröffentlicht 31.03.2017 04:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25

A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.

4.8

CVE-2017-7241

Exploit

EPSS 0.8%
Veröffentlicht 31.03.2017 04:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25

A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP...

4.8

CVE-2017-7309

Exploit

EPSS 2.48%
Veröffentlicht 31.03.2017 04:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25

A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1....

6.1

CVE-2017-7222

EPSS 0.27%
Veröffentlicht 22.03.2017 05:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25

A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires priv...

6.1

CVE-2017-6799

Exploit

EPSS 0.72%
Veröffentlicht 10.03.2017 10:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25

A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter.

6.1

CVE-2017-6797

Exploit

EPSS 0.83%
Veröffentlicht 10.03.2017 00:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25

A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter.

4.7

CVE-2016-7111

EPSS 0.33%
Veröffentlicht 17.02.2017 17:59:01
Zuletzt bearbeitet 20.04.2025 01:37:25

MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

6.1

CVE-2016-5364

Exploit

EPSS 0.3%
Veröffentlicht 17.02.2017 17:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter.

6.1

CVE-2016-6837

EPSS 0.94%
Veröffentlicht 10.01.2017 15:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'view_type' parameter.

5.3

CVE-2014-9759

EPSS 0.29%
Veröffentlicht 11.04.2016 21:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40

Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request.

<1...3456789...12>