Vulnerabilities > Mantisbt

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-30	CVE-2020-25830	Cross-site Scripting vulnerability in Mantisbt An issue was discovered in MantisBT before 2.24.3. network low complexity mantisbt CWE-79	4.8
2020-09-30	CVE-2020-25781	Missing Authorization vulnerability in Mantisbt An issue was discovered in file_download.php in MantisBT before 2.24.3. network low complexity mantisbt CWE-862	4.3
2020-09-30	CVE-2020-25288	Cross-site Scripting vulnerability in Mantisbt An issue was discovered in MantisBT before 2.24.3. network low complexity mantisbt CWE-79	4.8
2020-08-12	CVE-2020-16266	Cross-site Scripting vulnerability in Mantisbt An XSS issue was discovered in MantisBT before 2.24.2. network low complexity mantisbt CWE-79	5.4
2020-03-19	CVE-2019-15539	Cross-site Scripting vulnerability in Mantisbt The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. network low complexity mantisbt CWE-79	6.1
2020-02-13	CVE-2020-8981	Cross-site Scripting vulnerability in Mantisbt Source Integration A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. network low complexity mantisbt CWE-79	6.1
2019-11-09	CVE-2009-2802	Cross-site Scripting vulnerability in Mantisbt 1.2.0/1.2.1 MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. network low complexity mantisbt CWE-79	6.1
2019-11-07	CVE-2013-1811	Improper Input Validation vulnerability in multiple products An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". network low complexity mantisbt debian CWE-20	4.3
2019-10-31	CVE-2013-1934	Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value. network low complexity mantisbt debian CWE-79	5.4
2019-10-31	CVE-2013-1932	Cross-site Scripting vulnerability in Mantisbt 1.2.13 A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name. network low complexity mantisbt CWE-79	5.4

Vulnerabilities > Mantisbt {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Mantisbt"}]}

Vulnerabilities > Mantisbt