Vulnerabilities > Mantisbt

DATE CVE VULNERABILITY TITLE RISK
2017-03-31 CVE-2017-7309 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter.
network
low complexity
mantisbt CWE-79
4.8
2017-03-31 CVE-2017-7241 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it.
network
low complexity
mantisbt CWE-79
4.8
2017-03-31 CVE-2017-6973 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter.
network
low complexity
mantisbt CWE-79
4.8
2017-03-22 CVE-2017-7222 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration.
network
low complexity
mantisbt CWE-79
6.1
2017-03-17 CVE-2017-6958 Cross-site Scripting vulnerability in Mantisbt Source Integration
An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter.
network
low complexity
mantisbt CWE-79
6.1
2017-03-10 CVE-2017-6799 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter.
network
low complexity
mantisbt CWE-79
6.1
2017-03-10 CVE-2017-6797 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter.
network
low complexity
mantisbt CWE-79
6.1
2017-02-17 CVE-2016-7111 Cross-site Scripting vulnerability in Mantisbt
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
network
high complexity
mantisbt CWE-79
4.7
2017-02-17 CVE-2016-5364 Cross-site Scripting vulnerability in Mantisbt
Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter.
network
low complexity
mantisbt CWE-79
6.1
2017-01-10 CVE-2016-6837 Cross-site Scripting vulnerability in Mantisbt
Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'view_type' parameter.
network
low complexity
mantisbt CWE-79
6.1