Vulnerabilities > Mantisbt > Mantisbt > 2.2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-30 | CVE-2018-17783 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. | 3.5 |
2018-10-30 | CVE-2018-17782 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. | 3.5 |
2018-08-03 | CVE-2018-14504 | Cross-site Scripting vulnerability in Mantisbt An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. | 4.3 |
2018-08-03 | CVE-2018-13055 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. | 4.3 |
2018-02-02 | CVE-2018-6526 | Information Exposure vulnerability in Mantisbt view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php. | 5.0 |
2017-08-01 | CVE-2017-12062 | Cross-site Scripting vulnerability in Mantisbt An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. | 4.3 |
2017-08-01 | CVE-2017-12061 | Cross-site Scripting vulnerability in Mantisbt An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. | 4.3 |
2017-04-16 | CVE-2017-7615 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mantisbt MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | 8.8 |
2017-03-31 | CVE-2017-7309 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. | 3.5 |
2017-03-31 | CVE-2017-7241 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. | 3.5 |