VYPR

Mantisbt

by Mantisbt

CVEs (125)

  • CVE-2017-12061 | Med | Aug 1, 2017
    risk 0.33, CVSS 6.1, EPSS 0.03

    An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code,…

  • CVE-2017-7897 | Med | Apr 18, 2017
    risk 0.33, CVSS 6.1, EPSS 0.02

    A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted…

  • CVE-2017-12419 | Med | Aug 5, 2017
    risk 0.32, CVSS 4.9, EPSS 0.01

    If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile…

  • CVE-2017-7309 | Med | Mar 31, 2017
    risk 0.29, CVSS 4.8, EPSS 0.58

    A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3.

  • CVE-2026-39960 | Med | May 20, 2026
    risk 0.28, CVSS 5.4, EPSS 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue page (bug_update_page.php), allowing an attacker to inject HTML and, if CSP…

  • CVE-2015-5059 | Med | Aug 1, 2017
    risk 0.28, CVSS 5.3, EPSS 0.01

    The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the…

  • CVE-2014-9271 | Med | Jan 9, 2015
    risk 0.28, CVSS 5.4, EPSS 0.02

    Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.

  • CVE-2026-42070 | Med | May 28, 2026
    risk 0.27, CVSS n/a, EPSS 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default settings) to edit, change view state, and modify time tracking on bugnotes belonging…

  • CVE-2026-41897 | Med | May 28, 2026
    risk 0.27, CVSS n/a, EPSS 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of the filter_target parameter on return_dynamic_filters.php (normally used as an AJAX endpoint in the View Issues page) allows an attacker to inject arbitrary HTML if the target is a TEXTAREA…

  • CVE-2026-34970 | Med | May 20, 2026
    risk 0.27, CVSS n/a, EPSS 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2.

  • CVE-2026-34744 | Med | May 19, 2026
    risk 0.27, CVSS n/a, EPSS 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access revocation. The loss of confidentiality…

  • CVE-2026-34579 | Med | May 19, 2026
    risk 0.27, CVSS n/a, EPSS 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature. Using a crafted POST request to bug_monitor_add.php, a user with project-level access can add themselves…

  • CVE-2026-33052 | Med | May 19, 2026
    risk 0.27, CVSS n/a, EPSS 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "add_profile_threshold" permission to create a global profile despite not having manage_global_profile_threshold, by tampering with…

  • CVE-2026-34390 | Med | May 19, 2026
    risk 0.26, CVSS n/a, EPSS 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand (manage_proj_user_add.php) allow users having manage_project_threshold access…

  • CVE-2017-7241 | Med | Mar 31, 2017
    risk 0.24, CVSS 4.8, EPSS 0.01

    A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Policy (CSP) settings allow it. This is…

  • CVE-2017-6973 | Med | Mar 31, 2017
    risk 0.24, CVSS 4.8, EPSS 0.01

    A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.

  • CVE-2016-7111 | Med | Feb 17, 2017
    risk 0.24, CVSS 4.7, EPSS 0.01

    MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

  • CVE-2026-34754 | Med | May 20, 2026
    risk 0.21, CVSS 4.3, EPSS 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2.

  • CVE-2018-6382 | Low | Jan 30, 2018
    risk 0.21, CVSS 3.3, EPSS 0.01

    MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL…

  • CVE-2008-4687 | Oct 22, 2008
    risk 0.08, CVSS n/a, EPSS 0.67

    manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.

Page 2 of 7