Vulnerabilities > Mantisbt > Mantisbt > 1.3.15
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-16 | CVE-2017-7615 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mantisbt MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | 8.8 |
| 2017-03-22 | CVE-2017-7222 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. | 4.3 |
| 2017-03-10 | CVE-2017-6799 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter. | 4.3 |