Mantisbt
by Mantisbt
CVEs (125)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-2574 | | | 0.00 | — | 0.02 | | Aug 10, 2010 | Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action. |
| CVE-2008-3102 | | | 0.00 | — | 0.02 | | Sep 24, 2008 | Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. |
| CVE-2008-3333 | | | 0.00 | — | 0.02 | | Jul 27, 2008 | Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php). |
| CVE-2005-3336 | | | 0.00 | — | 0.02 | | Oct 27, 2005 | SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| CVE-2004-2666 | | | 0.00 | — | 0.01 | | Dec 31, 2004 | Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page. |