Vulnerabilities > Mantisbt

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | PRODUCT / CWE | RISK |
|---|---|---|---|---|---|
| 2022-05-04 | CVE-2022-28508 | Cross-site Scripting vulnerability in Mantisbt | An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. | mantisbt, CWE-79 | network, 4.3 |
| 2022-04-14 | CVE-2021-43257 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Mantisbt | Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. | mantisbt, CWE-1236 | network, 6.0 |
| 2022-04-13 | CVE-2022-26144 | Cross-site Scripting vulnerability in Mantisbt | An XSS issue was discovered in MantisBT before 2.25.3. | mantisbt, CWE-79 | network, 4.3 |
| 2021-06-17 | CVE-2021-33557 | Cross-site Scripting vulnerability in Mantisbt | An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. | mantisbt, CWE-79 | network, 4.3 |
| 2021-03-07 | CVE-2009-20001 | Insufficient Session Expiration vulnerability in Mantisbt | An issue was discovered in MantisBT before 2.24.5. | mantisbt, CWE-613 | network, low complexity, 5.5 |
| 2021-02-22 | CVE-2020-35571 | Cross-site Scripting vulnerability in Mantisbt | An issue was discovered in MantisBT through 2.24.3. | mantisbt, CWE-79 | network, 4.3 |
| 2021-01-29 | CVE-2020-29605 | Incorrect Authorization vulnerability in Mantisbt | An issue was discovered in MantisBT before 2.24.4. | mantisbt, CWE-863 | network, low complexity, 4.0 |
| 2021-01-29 | CVE-2020-29604 | Missing Authorization vulnerability in Mantisbt | An issue was discovered in MantisBT before 2.24.4. | mantisbt, CWE-862 | network, low complexity, 4.0 |
| 2021-01-29 | CVE-2020-29603 | Insecure Storage of Sensitive Information vulnerability in Mantisbt | In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them. | mantisbt, CWE-922 | network, low complexity, 4.0 |
| 2021-01-18 | CVE-2020-36192 | Unspecified vulnerability in Mantisbt Source Integration | An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. | mantisbt | network, low complexity, 5.0 |