VYPR

Mantisbt

by Mantisbt

Source repositories

CVEs (125)

  • CVE-2010-2574 (Aug 10, 2010)
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.

  • CVE-2008-3102 (Sep 24, 2008)
    risk 0.00 cvss epss 0.02

    Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

  • CVE-2008-3333 (Jul 27, 2008)
    risk 0.00 cvss epss 0.02

    Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).

  • CVE-2005-3336 (Oct 27, 2005)
    risk 0.00 cvss epss 0.02

    SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2004-2666 (Dec 31, 2004)
    risk 0.00 cvss epss 0.01

    Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.

Page 7 of 7