Mantisbt

Mantisbt

115 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2014-8987

  • EPSS 0.53%
  • Veröffentlicht 24.08.2015 15:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_opti...

5.8

CVE-2015-1042

Exploit
  • EPSS 0.62%
  • Veröffentlicht 10.02.2015 20:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator...

6

CVE-2014-9573

Exploit
  • EPSS 0.4%
  • Veröffentlicht 26.01.2015 15:59:12
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.

7.5

CVE-2014-9572

  • EPSS 0.92%
  • Veröffentlicht 26.01.2015 15:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4.

4.3

CVE-2014-9571

Exploit
  • EPSS 0.45%
  • Veröffentlicht 26.01.2015 15:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter.

4.3

CVE-2014-9272

  • EPSS 0.44%
  • Veröffentlicht 09.01.2015 18:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.

5.4

CVE-2014-9271

Exploit
  • EPSS 0.83%
  • Veröffentlicht 09.01.2015 18:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated ...

2.6

CVE-2014-9269

  • EPSS 0.41%
  • Veröffentlicht 09.01.2015 18:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.

3.5

CVE-2014-9506

  • EPSS 0.19%
  • Veröffentlicht 04.01.2015 21:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.

5

CVE-2014-9388

  • EPSS 0.43%
  • Veröffentlicht 17.12.2014 19:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.