Vulnerabilities > Mantisbt

DATE CVE VULNERABILITY TITLE RISK
2017-03-31 CVE-2017-7241 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it.
network
mantisbt CWE-79
3.5
2017-03-31 CVE-2017-6973 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter.
network
mantisbt CWE-79
3.5
2017-03-22 CVE-2017-7222 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration.
network
mantisbt CWE-79
4.3
2017-03-17 CVE-2017-6958 Cross-site Scripting vulnerability in Mantisbt Source Integration
An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter.
network
mantisbt CWE-79
4.3
2017-03-10 CVE-2017-6799 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter.
network
mantisbt CWE-79
4.3
2017-03-10 CVE-2017-6797 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter.
network
mantisbt CWE-79
4.3
2017-02-17 CVE-2016-7111 Cross-site Scripting vulnerability in Mantisbt
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
network
high complexity
mantisbt CWE-79
2.6
2017-02-17 CVE-2016-5364 Cross-site Scripting vulnerability in Mantisbt
Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter.
network
mantisbt CWE-79
4.3
2017-01-10 CVE-2016-6837 Cross-site Scripting vulnerability in Mantisbt
Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'view_type' parameter.
network
mantisbt CWE-79
4.3
2016-04-11 CVE-2014-9759 Information Exposure vulnerability in Mantisbt 1.3.0
Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request.
network
low complexity
mantisbt CWE-200
5.0