Vulnerabilities > Mantisbt > Mantisbt
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-07 | CVE-2013-1811 | Improper Input Validation vulnerability in multiple products An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". | 4.0 |
2019-10-31 | CVE-2013-1934 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value. | 3.5 |
2019-10-31 | CVE-2013-1932 | Cross-site Scripting vulnerability in Mantisbt 1.2.13 A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name. | 3.5 |
2019-10-31 | CVE-2013-1931 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. | 4.3 |
2019-10-31 | CVE-2013-1930 | Improper Input Validation vulnerability in multiple products MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues. | 4.0 |
2019-10-09 | CVE-2019-15715 | OS Command Injection vulnerability in Mantisbt MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. | 7.2 |
2019-08-21 | CVE-2019-15074 | Cross-site Scripting vulnerability in Mantisbt The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. | 6.8 |
2019-06-20 | CVE-2018-16514 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. | 2.6 |
2019-06-06 | CVE-2018-9839 | Improper Input Validation vulnerability in Mantisbt An issue was discovered in MantisBT through 1.3.14, and 2.0.0. | 4.0 |
2018-10-30 | CVE-2018-17783 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. | 3.5 |