Vulnerabilities > Mantis > Mantis > 1.0.0a1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-02-13 | CVE-2006-0664 | Cross-Site Scripting vulnerability in Mantis Config_Defaults_Inc.PHP Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. network mantis | 4.3 |
| 2005-12-28 | CVE-2005-4524 | Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak. | 5.0 |
| 2005-12-28 | CVE-2005-4523 | Unspecified vulnerability in Mantis Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information. | 5.0 |
| 2005-12-28 | CVE-2005-4522 | Unspecified vulnerability in Mantis Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters. network mantis | 4.3 |
| 2005-12-28 | CVE-2005-4521 | CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php. | 5.0 |
| 2005-12-28 | CVE-2005-4520 | Unspecified vulnerability in Mantis Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. | 5.0 |
| 2005-12-28 | CVE-2005-4519 | Unspecified vulnerability in Mantis Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php. | 7.5 |
| 2005-12-14 | CVE-2005-4238 | Cross-Site Scripting vulnerability in Mantis View_filters_page.PHP Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter. network mantis | 4.3 |
| 2005-09-28 | CVE-2005-3091 | Remote vulnerability in Mantis Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp". network mantis | 4.3 |
| 2005-09-28 | CVE-2005-3090 | Cross-Site Scripting vulnerability in Mantis Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557. network mantis | 4.3 |