1.2.2

DATE	CVE	VULNERABILITY TITLE	RISK
2017-03-10	CVE-2017-6797	Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter. network mantisbt CWE-79	4.3
2017-02-17	CVE-2016-7111	Cross-site Scripting vulnerability in Mantisbt MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. network high complexity mantisbt CWE-79	2.6
2017-02-17	CVE-2016-5364	Cross-site Scripting vulnerability in Mantisbt Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. network mantisbt CWE-79	4.3
2017-01-10	CVE-2016-6837	Cross-site Scripting vulnerability in Mantisbt Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'view_type' parameter. network mantisbt CWE-79	4.3
2015-02-10	CVE-2015-1042	Unspecified vulnerability in Mantisbt The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator in the return parameter to login_page.php, a different vulnerability than CVE-2014-6316. network mantisbt	5.8
2015-01-26	CVE-2014-9573	SQL Injection vulnerability in Mantisbt SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie. network mantisbt CWE-89	6.0
2015-01-26	CVE-2014-9572	Improper Access Control vulnerability in Mantisbt MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4. network low complexity mantisbt CWE-284	7.5
2015-01-26	CVE-2014-9571	Cross-site Scripting vulnerability in Mantisbt Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter. network mantisbt CWE-79	4.3
2015-01-09	CVE-2014-9272	Cross-site Scripting vulnerability in multiple products The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol. network debian mantisbt CWE-79	4.3
2015-01-09	CVE-2014-9271	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename. network debian mantisbt CWE-79	4.3