Vulnerabilities > Mantisbt > Mantisbt > 0.19.0

DATE CVE VULNERABILITY TITLE RISK
2011-09-21 CVE-2011-3357 Path Traversal vulnerability in Mantisbt
Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a ..
network
mantisbt CWE-22
6.8
6.8
2011-09-21 CVE-2011-3356 Cross-Site Scripting vulnerability in Mantisbt
Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php.
network
mantisbt CWE-79
4.3
4.3
2011-09-21 CVE-2011-2938 Cross-Site Scripting vulnerability in Mantisbt
Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php.
network
mantisbt CWE-79
4.3
4.3
2011-01-03 CVE-2010-4350 Path Traversal vulnerability in Mantisbt
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a ..
network
high complexity
mantisbt CWE-22
5.1
5.1
2011-01-03 CVE-2010-4349 Information Exposure vulnerability in Mantisbt
admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
network
low complexity
mantisbt CWE-200
5.0
5.0
2011-01-03 CVE-2010-4348 Cross-Site Scripting vulnerability in Mantisbt
Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
network
mantisbt CWE-79
4.3
4.3
2010-10-05 CVE-2010-3763 Cross-Site Scripting vulnerability in Mantisbt
Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than CVE-2010-3303.
network
mantisbt CWE-79
4.3
4.3
2010-10-05 CVE-2010-3303 Cross-Site Scripting vulnerability in Mantisbt
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php.
network
mantisbt CWE-79
3.5
3.5
2010-09-07 CVE-2010-2802 Cross-Site Scripting vulnerability in Mantisbt
Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments.
network
mantisbt CWE-79
3.5
3.5