Vulnerabilities > Mantis > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-12-28 CVE-2005-4523 Unspecified vulnerability in Mantis
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
network
low complexity
mantis
5.0
5.0
2005-12-28 CVE-2005-4522 Unspecified vulnerability in Mantis
Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.
network
mantis
4.3
4.3
2005-12-28 CVE-2005-4521 CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php.
network
low complexity
mantis
5.0
5.0
2005-12-28 CVE-2005-4520 Unspecified vulnerability in Mantis
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors.
network
low complexity
mantis
5.0
5.0
2005-12-14 CVE-2005-4238 Cross-Site Scripting vulnerability in Mantis View_filters_page.PHP
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
network
mantis
4.3
4.3
2005-10-27 CVE-2005-3338 Remote vulnerability in Mantis
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
network
low complexity
mantis
5.0
5.0
2005-10-27 CVE-2005-3337 Cross-Site Scripting vulnerability in Mantis
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
network
mantis
4.3
4.3
2005-09-28 CVE-2005-3091 Remote vulnerability in Mantis
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
network
mantis
4.3
4.3
2005-09-28 CVE-2005-3090 Cross-Site Scripting vulnerability in Mantis
Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557.
network
mantis
4.3
4.3
2005-09-28 CVE-2005-2557 Input Validation vulnerability in Mantis
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
network
mantis debian gentoo
4.3
4.3