Vulnerabilities > Mantisbt > Mantisbt

DATE CVE VULNERABILITY TITLE RISK
2019-11-07 CVE-2013-1811 Improper Input Validation vulnerability in multiple products
An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
network
low complexity
mantisbt debian CWE-20
4.0
4.0
2019-10-31 CVE-2013-1934 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value. 		3.5
3.5
2019-10-31 CVE-2013-1932 Cross-site Scripting vulnerability in Mantisbt 1.2.13
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
network
mantisbt CWE-79
3.5
3.5
2019-10-31 CVE-2013-1931 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. 		4.3
4.3
2019-10-31 CVE-2013-1930 Improper Input Validation vulnerability in multiple products
MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.
network
low complexity
mantisbt fedoraproject CWE-20
4.0
4.0
2019-10-09 CVE-2019-15715 OS Command Injection vulnerability in Mantisbt
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
network
low complexity
mantisbt CWE-78
7.2
7.2
2019-08-21 CVE-2019-15074 Cross-site Scripting vulnerability in Mantisbt
The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename.
network
mantisbt CWE-79
6.8
6.8
2019-06-20 CVE-2018-16514 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.
network
high complexity
mantisbt CWE-79
2.6
2.6
2019-06-06 CVE-2018-9839 Improper Input Validation vulnerability in Mantisbt
An issue was discovered in MantisBT through 1.3.14, and 2.0.0.
network
low complexity
mantisbt CWE-20
4.0
4.0
2018-10-30 CVE-2018-17783 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
network
mantisbt CWE-79
3.5
3.5