Filtered by vendor Mantisbt
Subscribe
Total
119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2938 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php. | |||||
| CVE-2011-3578 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357. | |||||
| CVE-2011-3357 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php. | |||||
| CVE-2012-1122 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 3.6 LOW | N/A |
| bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to bypass intended access restrictions and move bug reports to a different project. | |||||
| CVE-2010-4350 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. | |||||
| CVE-2012-1121 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 4.9 MEDIUM | N/A |
| MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories. | |||||
| CVE-2012-5523 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 5.5 MEDIUM | N/A |
| core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug. | |||||
| CVE-2010-3763 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than CVE-2010-3303. | |||||
| CVE-2012-1119 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 6.4 MEDIUM | N/A |
| MantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote attackers to copy bug reports without detection. | |||||
| CVE-2010-2802 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments. | |||||
| CVE-2013-4460 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name. | |||||
| CVE-2012-2691 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 7.5 HIGH | N/A |
| The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request. | |||||
| CVE-2011-3356 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php. | |||||
| CVE-2010-3303 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php. | |||||
| CVE-2012-1123 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 7.5 HIGH | N/A |
| The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password. | |||||
| CVE-2008-3102 | 1 Mantisbt | 1 Mantisbt | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | |||||
| CVE-2024-34080 | 1 Mantisbt | 1 Mantisbt | 2025-01-16 | N/A | 5.3 MEDIUM |
| MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. This can result in disclosure of the existence of the note, the note author name, the note creation timestamp, and the issue id the note belongs to. Version 2.26.2 contains a patch for the issue. No known workarounds are available. | |||||
| CVE-2024-34081 | 1 Mantisbt | 1 Mantisbt | 2025-01-16 | N/A | 6.6 MEDIUM |
| MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (`bug_change_status_page.php`) belonging to a project linking said custom field, viewing issues (`view_all_bug_page.php`) when the custom field is displayed as a column, or printing issues (`print_all_bug_page.php`) when the custom field is displayed as a column. Version 2.26.2 contains a patch for the issue. As a workaround, ensure Custom Field Names do not contain HTML tags. | |||||
| CVE-2024-34077 | 1 Mantisbt | 1 Mantisbt | 2025-01-16 | N/A | 7.3 HIGH |
| MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password. A brute-force attack calling account_update.php with increasing user IDs is possible. A successful takeover would grant the attacker full access to the compromised account, including sensitive information and functionalities associated with the account, the extent of which depends on its privileges and the data it has access to. Version 2.26.2 contains a patch for the issue. As a workaround, one may mitigate the risk by reducing the verification token's validity (change the value of the `TOKEN_EXPIRY_AUTHENTICATED` constant in `constants_inc.php`). | |||||
| CVE-2024-23830 | 1 Mantisbt | 1 Mantisbt | 2024-12-18 | N/A | 8.3 HIGH |
| MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`. | |||||