Vulnerabilities > Mantisbt > Mantisbt > 1.3.11

| Date | CVE | Vulnerability title | Description | Access | Complexity | Vendor / CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2018-02-02 | CVE-2018-6526 | Information Exposure vulnerability in Mantisbt | view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php. | network | low complexity | mantisbt CWE-200 | 5.0 |
| 2017-08-01 | CVE-2017-12061 | Cross-site Scripting vulnerability in Mantisbt | An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. | network | | mantisbt CWE-79 | 4.3 |
| 2017-04-16 | CVE-2017-7615 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mantisbt | MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | network | low complexity | mantisbt CWE-640 | 8.8 |
| 2017-03-22 | CVE-2017-7222 | Cross-site Scripting vulnerability in Mantisbt | A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. | network | | mantisbt CWE-79 | 4.3 |
| 2017-03-10 | CVE-2017-6799 | Cross-site Scripting vulnerability in Mantisbt | A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter. | network | | mantisbt CWE-79 | 4.3 |