Vulnerabilities > Mantisbt > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-24 | CVE-2022-33910 | Cross-site Scripting vulnerability in Mantisbt An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. | 3.5 |
| 2020-09-30 | CVE-2020-25288 | Cross-site Scripting vulnerability in Mantisbt An issue was discovered in MantisBT before 2.24.3. | 3.5 |
| 2020-09-30 | CVE-2020-25830 | Cross-site Scripting vulnerability in Mantisbt An issue was discovered in MantisBT before 2.24.3. | 3.5 |
| 2020-08-12 | CVE-2020-16266 | Cross-site Scripting vulnerability in Mantisbt An XSS issue was discovered in MantisBT before 2.24.2. | 3.5 |
| 2019-10-31 | CVE-2013-1932 | Cross-site Scripting vulnerability in Mantisbt 1.2.13 A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name. | 3.5 |
| 2019-10-31 | CVE-2013-1934 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value. | 3.5 |
| 2019-06-20 | CVE-2018-16514 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. | 2.6 |
| 2018-10-30 | CVE-2018-17782 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. | 3.5 |
| 2018-10-30 | CVE-2018-17783 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. | 3.5 |
| 2018-01-30 | CVE-2018-6382 | SQL Injection vulnerability in Mantisbt 2.10.0 MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. | 3.3 |