Vulnerabilities > Mantisbt

DATE CVE VULNERABILITY TITLE RISK
2020-03-19 CVE-2019-15539 Cross-site Scripting vulnerability in Mantisbt
The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename.
network
low complexity
mantisbt CWE-79
6.1
2020-02-13 CVE-2020-8981 Cross-site Scripting vulnerability in Mantisbt Source Integration
A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT.
network
low complexity
mantisbt CWE-79
6.1
2019-11-09 CVE-2009-2802 Cross-site Scripting vulnerability in Mantisbt 1.2.0/1.2.1
MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types.
network
low complexity
mantisbt CWE-79
6.1
2019-11-07 CVE-2013-1811 Improper Input Validation vulnerability in multiple products
An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
network
low complexity
mantisbt debian CWE-20
4.3
2019-10-31 CVE-2013-1934 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.
network
low complexity
mantisbt debian CWE-79
5.4
2019-10-31 CVE-2013-1932 Cross-site Scripting vulnerability in Mantisbt 1.2.13
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
network
low complexity
mantisbt CWE-79
5.4
2019-10-31 CVE-2013-1931 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.
network
low complexity
mantisbt fedoraproject CWE-79
6.1
2019-10-31 CVE-2013-1930 Improper Input Validation vulnerability in multiple products
MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues.
network
low complexity
mantisbt fedoraproject CWE-20
4.3
2019-10-09 CVE-2019-15715 OS Command Injection vulnerability in Mantisbt
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
network
low complexity
mantisbt CWE-78
7.2
2019-08-21 CVE-2019-15074 Cross-site Scripting vulnerability in Mantisbt
The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename.
network
low complexity
mantisbt CWE-79
critical
9.6