Vulnerabilities > Mantisbt > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-11 | CVE-2023-49802 | Cross-site Scripting vulnerability in Mantisbt Linked Custom Fields 1.0/1.0.1/2.0.0 The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. | 6.1 |
| 2023-10-16 | CVE-2023-44394 | Exposure of Resource to Wrong Sphere vulnerability in Mantisbt MantisBT is an open source bug tracker. | 4.3 |
| 2023-02-23 | CVE-2023-22476 | Unspecified vulnerability in Mantisbt Mantis Bug Tracker (MantisBT) is an open source issue tracker. | 4.3 |
| 2022-05-04 | CVE-2022-28508 | Cross-site Scripting vulnerability in Mantisbt An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. | 4.3 |
| 2022-04-14 | CVE-2021-43257 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Mantisbt Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. | 6.0 |
| 2022-04-13 | CVE-2022-26144 | Cross-site Scripting vulnerability in Mantisbt An XSS issue was discovered in MantisBT before 2.25.3. | 4.3 |
| 2021-06-17 | CVE-2021-33557 | Cross-site Scripting vulnerability in Mantisbt An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. | 4.3 |
| 2021-03-07 | CVE-2009-20001 | Insufficient Session Expiration vulnerability in Mantisbt An issue was discovered in MantisBT before 2.24.5. | 5.5 |
| 2021-02-22 | CVE-2020-35571 | Cross-site Scripting vulnerability in Mantisbt An issue was discovered in MantisBT through 2.24.3. | 4.3 |
| 2021-01-29 | CVE-2020-29605 | Incorrect Authorization vulnerability in Mantisbt An issue was discovered in MantisBT before 2.24.4. | 4.0 |