Vulnerabilities > Mantisbt

DATE CVE VULNERABILITY TITLE RISK
2020-08-12 CVE-2020-16266 Cross-site Scripting vulnerability in Mantisbt
An XSS issue was discovered in MantisBT before 2.24.2.
network
low complexity
mantisbt CWE-79
5.4
2020-03-19 CVE-2019-15539 Cross-site Scripting vulnerability in Mantisbt
The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename.
network
low complexity
mantisbt CWE-79
6.1
2020-02-13 CVE-2020-8981 Cross-site Scripting vulnerability in Mantisbt Source Integration
A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT.
network
low complexity
mantisbt CWE-79
6.1
2019-11-09 CVE-2009-2802 Cross-site Scripting vulnerability in Mantisbt 1.2.0/1.2.1
MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types.
network
low complexity
mantisbt CWE-79
6.1
2019-11-07 CVE-2013-1811 Improper Input Validation vulnerability in multiple products
An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
network
low complexity
mantisbt debian CWE-20
4.3
2019-10-31 CVE-2013-1934 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.
network
low complexity
mantisbt debian CWE-79
5.4
2019-10-31 CVE-2013-1932 Cross-site Scripting vulnerability in Mantisbt 1.2.13
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
network
low complexity
mantisbt CWE-79
5.4
2019-10-31 CVE-2013-1931 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.
network
low complexity
mantisbt fedoraproject CWE-79
6.1
2019-10-31 CVE-2013-1930 Improper Input Validation vulnerability in multiple products
MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.
network
low complexity
mantisbt fedoraproject CWE-20
4.3
2019-10-09 CVE-2019-15715 OS Command Injection vulnerability in Mantisbt
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
network
low complexity
mantisbt CWE-78
7.2