Mantisbt
by Mantisbt
Source repositories
CVEs (125)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7615 | | High | 0.67 | 8.8 | 0.91 | | Apr 16, 2017 | MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. |
| CVE-2026-44655 | | High | 0.49 | — | 0.00 | | May 28, 2026 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it (which typically requires manager or administrator access level) to inject HTML in Move Attachments admin page. This vulnerability is… |
| CVE-2026-34463 | | High | 0.49 | — | 0.00 | | May 19, 2026 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form (bug_report_page.php) prepends the source Project name before… |
| CVE-2014-9624 | | High | 0.49 | 7.5 | 0.03 | | Sep 12, 2017 | CAPTCHA bypass vulnerability in MantisBT before 1.2.19. |
| CVE-2026-44657 | | High | 0.42 | — | 0.00 | | May 28, 2026 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, using show_inline=1 parameter and a valid file_show_inline_token CSRF token on file_download.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript… |
| CVE-2026-40607 | | High | 0.42 | — | 0.00 | | May 22, 2026 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $g_show_user_realname = ON. Note… |
| CVE-2026-40597 | | High | 0.42 | — | 0.01 | | May 22, 2026 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that,… |
| CVE-2026-42071 | | High | 0.40 | — | 0.00 | | May 28, 2026 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user (REPORTER+) to download attachments on private bugnotes they should not be able to access, via… |
| CVE-2026-40596 | | High | 0.40 | — | 0.00 | | May 22, 2026 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging… |
| CVE-2015-2046 | | Medium | 0.40 | 6.1 | 0.02 | | Aug 28, 2017 | Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20. |
| CVE-2017-7222 | | Medium | 0.40 | 6.1 | 0.01 | | Mar 22, 2017 | A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT… |
| CVE-2017-6799 | | Medium | 0.40 | 6.1 | 0.04 | | Mar 10, 2017 | A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter. |
| CVE-2017-6797 | | Medium | 0.40 | 6.1 | 0.02 | | Mar 10, 2017 | A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter. |
| CVE-2016-5364 | | Medium | 0.40 | 6.1 | 0.02 | | Feb 17, 2017 | Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. |
| CVE-2016-6837 | | Medium | 0.40 | 6.1 | 0.04 | | Jan 10, 2017 | Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'view_type' parameter. |
| CVE-2026-40598 | | Medium | 0.38 | — | 0.00 | | May 22, 2026 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.28.1 and below, improper escaping of the redirection page (retrieved from the request's Referer header) allows an attacker to inject HTML. While this is generally not directly actionable as modern… |
| CVE-2017-7620 | | Medium | 0.38 | 6.5 | 0.01 | | May 21, 2017 | MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary… |
| CVE-2014-9701 | | Medium | 0.35 | 6.5 | 0.02 | | Aug 9, 2017 | Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to permalink_page.php. |
| CVE-2014-9759 | | Medium | 0.35 | 5.3 | 0.02 | | Apr 11, 2016 | Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request. |
| CVE-2017-12062 | | Medium | 0.33 | 6.1 | 0.04 | | Aug 1, 2017 | An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled. |