Vulnerabilities > Mantisbt > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-31 | CVE-2013-1931 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. | 4.3 |
| 2019-10-31 | CVE-2013-1930 | Improper Input Validation vulnerability in multiple products MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues. | 4.0 |
| 2019-08-21 | CVE-2019-15074 | Cross-site Scripting vulnerability in Mantisbt The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. | 6.8 |
| 2019-06-06 | CVE-2018-9839 | Improper Input Validation vulnerability in Mantisbt An issue was discovered in MantisBT through 1.3.14, and 2.0.0. | 4.0 |
| 2018-09-02 | CVE-2018-16362 | Cross-site Scripting vulnerability in Mantisbt Source Integration An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. | 4.3 |
| 2018-08-03 | CVE-2018-14504 | Cross-site Scripting vulnerability in Mantisbt An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. | 4.3 |
| 2018-08-03 | CVE-2018-13055 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. | 4.3 |
| 2018-02-02 | CVE-2018-6526 | Information Exposure vulnerability in Mantisbt view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php. | 5.0 |
| 2017-09-12 | CVE-2014-9624 | Improper Authentication vulnerability in Mantisbt CAPTCHA bypass vulnerability in MantisBT before 1.2.19. | 5.0 |
| 2017-08-28 | CVE-2015-2046 | Cross-site Scripting vulnerability in Mantisbt Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20. | 4.3 |