Vulnerabilities > Mantisbt
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-12 | CVE-2020-16266 | Cross-site Scripting vulnerability in Mantisbt An XSS issue was discovered in MantisBT before 2.24.2. | 5.4 |
2020-03-19 | CVE-2019-15539 | Cross-site Scripting vulnerability in Mantisbt The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. | 6.1 |
2020-02-13 | CVE-2020-8981 | Cross-site Scripting vulnerability in Mantisbt Source Integration A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. | 6.1 |
2019-11-09 | CVE-2009-2802 | Cross-site Scripting vulnerability in Mantisbt 1.2.0/1.2.1 MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. | 6.1 |
2019-11-07 | CVE-2013-1811 | Improper Input Validation vulnerability in multiple products An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". | 4.3 |
2019-10-31 | CVE-2013-1934 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value. | 5.4 |
2019-10-31 | CVE-2013-1932 | Cross-site Scripting vulnerability in Mantisbt 1.2.13 A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name. | 5.4 |
2019-10-31 | CVE-2013-1931 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. | 6.1 |
2019-10-31 | CVE-2013-1930 | Improper Input Validation vulnerability in multiple products MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues. | 4.3 |
2019-10-09 | CVE-2019-15715 | OS Command Injection vulnerability in Mantisbt MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. | 7.2 |