0.19.3

DATE	CVE	VULNERABILITY TITLE	RISK
2006-02-13	CVE-2006-0664	Cross-Site Scripting vulnerability in Mantis Config_Defaults_Inc.PHP Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. network mantis	4.3
2005-12-28	CVE-2005-4523	Unspecified vulnerability in Mantis Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information. network low complexity mantis	5.0
2005-12-28	CVE-2005-4518	Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php. network low complexity mantis	7.5
2005-12-14	CVE-2005-4238	Cross-Site Scripting vulnerability in Mantis View_filters_page.PHP Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter. network mantis	4.3
2005-10-27	CVE-2005-3339	Remote vulnerability in Mantis Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors. local low complexity mantis	7.2
2005-10-27	CVE-2005-3338	Remote vulnerability in Mantis Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users. network low complexity mantis	5.0
2005-10-27	CVE-2005-3337	Cross-Site Scripting vulnerability in Mantis Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php. network mantis	4.3