Vulnerabilities (CVE)

Filtered by vendor Mantisbt Subscribe
Filtered by product Mantisbt
Total 104 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-33557 1 Mantisbt 1 Mantisbt 2021-06-21 4.3 MEDIUM 6.1 MEDIUM
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
CVE-2009-20001 1 Mantisbt 1 Mantisbt 2021-03-11 5.5 MEDIUM 8.1 HIGH
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them.
CVE-2014-9271 2 Debian, Mantisbt 2 Debian Linux, Mantisbt 2021-03-04 4.3 MEDIUM 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.
CVE-2020-35571 1 Mantisbt 1 Mantisbt 2021-02-26 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings.
CVE-2020-29603 2 Mantisbt, Microsoft 2 Mantisbt, Windows 2021-01-30 4.0 MEDIUM 4.3 MEDIUM
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.
CVE-2020-29604 2 Mantisbt, Microsoft 2 Mantisbt, Windows 2021-01-30 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information.
CVE-2020-29605 2 Mantisbt, Microsoft 2 Mantisbt, Windows 2021-01-30 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view status, or belong to a private Project.)
CVE-2012-1119 1 Mantisbt 1 Mantisbt 2021-01-12 6.4 MEDIUM N/A
MantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote attackers to copy bug reports without detection.
CVE-2014-9269 2 Debian, Mantisbt 2 Debian Linux, Mantisbt 2021-01-12 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.
CVE-2012-1120 1 Mantisbt 1 Mantisbt 2021-01-12 3.6 LOW N/A
The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes.
CVE-2014-1609 2 Debian, Mantisbt 2 Debian Linux, Mantisbt 2021-01-12 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in core/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter, or (7) summary_print_by_category function in core/summary_api.php; the (8) create_bug_enum_summary or (9) enum_bug_group function in plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php or (11) bug_graph_bystatus.php in plugins/MantisGraph/pages/; or (12) proj_doc_page.php, related to use of the db_query function, a different vulnerability than CVE-2014-1608.
CVE-2014-9272 2 Debian, Mantisbt 2 Debian Linux, Mantisbt 2021-01-12 4.3 MEDIUM N/A
The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.
CVE-2014-9279 1 Mantisbt 1 Mantisbt 2021-01-12 5.0 MEDIUM N/A
The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL.
CVE-2015-1042 1 Mantisbt 1 Mantisbt 2021-01-12 5.8 MEDIUM N/A
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator in the return parameter to login_page.php, a different vulnerability than CVE-2014-6316.
CVE-2014-6387 1 Mantisbt 1 Mantisbt 2021-01-12 5.0 MEDIUM N/A
gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind.
CVE-2012-1123 1 Mantisbt 1 Mantisbt 2021-01-12 7.5 HIGH N/A
The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password.
CVE-2012-1121 1 Mantisbt 1 Mantisbt 2021-01-12 4.9 MEDIUM N/A
MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories.
CVE-2014-9270 1 Mantisbt 1 Mantisbt 2021-01-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 through 1.2.17 allows remote attackers to inject arbitrary web script or HTML via the "profile/Platform" field.
CVE-2012-2692 1 Mantisbt 1 Mantisbt 2021-01-12 3.6 LOW N/A
MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.
CVE-2014-8554 1 Mantisbt 1 Mantisbt 2021-01-12 7.5 HIGH N/A
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609.