Vulnerabilities > Mantisbt

DATE CVE VULNERABILITY TITLE RISK
2019-08-21 CVE-2019-15074 Cross-site Scripting vulnerability in Mantisbt
The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename.
network
low complexity
mantisbt CWE-79
critical
9.6
2019-06-20 CVE-2018-16514 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.
network
high complexity
mantisbt CWE-79
4.7
2019-06-06 CVE-2018-9839 Improper Input Validation vulnerability in Mantisbt
An issue was discovered in MantisBT through 1.3.14, and 2.0.0.
network
low complexity
mantisbt CWE-20
6.5
2018-10-30 CVE-2018-17783 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
network
low complexity
mantisbt CWE-79
5.4
2018-10-30 CVE-2018-17782 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
network
low complexity
mantisbt CWE-79
5.4
2018-09-02 CVE-2018-16362 Cross-site Scripting vulnerability in Mantisbt Source Integration
An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT.
network
low complexity
mantisbt CWE-79
6.1
2018-08-03 CVE-2018-14504 Cross-site Scripting vulnerability in Mantisbt
An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0.
network
low complexity
mantisbt CWE-79
6.1
2018-08-03 CVE-2018-13055 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.
network
low complexity
mantisbt CWE-79
6.1
2018-02-02 CVE-2018-6526 Information Exposure vulnerability in Mantisbt
view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.
network
low complexity
mantisbt CWE-200
5.3
2018-01-30 CVE-2018-6382 SQL Injection vulnerability in Mantisbt 2.10.0
MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address.
local
low complexity
mantisbt CWE-89
3.3