Vulnerabilities > Mantisbt

DATE	CVE	VULNERABILITY TITLE	RISK
2016-04-11	CVE-2014-9759	Information Exposure vulnerability in Mantisbt 1.3.0 Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request. network low complexity mantisbt CWE-200	5.3
2015-01-09	CVE-2014-9271	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename. network low complexity debian mantisbt CWE-79	5.4

Vulnerabilities > Mantisbt {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Mantisbt"}]}