VYPR

Mantisbt

All CVEs

171 total · sorted by risk
  • CVE-2002-1113 · Oct 4, 2002
    risk 0.03 · cvss n/a · epss 0.03

    summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.

  • CVE-2022-28508 · May 4, 2022
    risk 0.02 · cvss n/a · epss 0.05

    An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.

  • CVE-2008-4688 · Oct 22, 2008
    risk 0.01 · cvss n/a · epss 0.12

    core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.

  • CVE-2005-3335 · Oct 27, 2005
    risk 0.01 · cvss n/a · epss 0.07

    PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.

  • CVE-2026-33548 · Mar 23, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline (my_view_page.php) allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when…

  • CVE-2026-33517 · Mar 23, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, when deleting a Tag (tag_delete.php), improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of…

  • CVE-2026-30849 · Mar 23, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database…

  • CVE-2025-62520 · Nov 4, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manage_config_columns_page.php can use the Copy From action to retrieve the columns configuration from a…

  • CVE-2025-55155 · Nov 4, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email…

  • CVE-2025-47776 · Nov 4, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code in versions 2.27.1 and below, PHP type juggling will cause certain MD5 hashes matching scientific notation to be…

  • CVE-2025-46556 · Nov 4, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters) due to a lack of server-side validation of note length. Once…

  • CVE-2024-45792 · Sep 30, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. This vulnerability is fixed in 2.26.4.

  • CVE-2024-34081 · May 13, 2024
    risk 0.00 · cvss n/a · epss 0.01

    MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (`bug_change_status_page.php`)…

  • CVE-2024-34080 · May 13, 2024
    risk 0.00 · cvss n/a · epss 0.01

    MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains…

  • CVE-2024-34077 · May 13, 2024
    risk 0.00 · cvss n/a · epss 0.01

    MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request pending. The exploit…

  • CVE-2024-23830 · Feb 20, 2024
    risk 0.00 · cvss n/a · epss 0.01

    MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As…

  • CVE-2023-49802 · Dec 11, 2023
    risk 0.00 · cvss n/a · epss 0.01

    The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked…

  • CVE-2023-44394 · Oct 16, 2023
    risk 0.00 · cvss n/a · epss 0.01

    MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has been…

  • CVE-2023-22476 · Feb 23, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access the _Summary_ field of private Issues (i.e. having Private view status, or…

  • CVE-2022-33910 · Jun 24, 2022
    risk 0.00 · cvss n/a · epss 0.01

    An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file,…

  • CVE-2021-43257 · Apr 14, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel.

  • CVE-2022-26144 · Apr 13, 2022
    risk 0.00 · cvss n/a · epss 0.01

    An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed.

  • CVE-2020-36192 · Jan 18, 2021
    risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private Project), if they are attached to an existing Changeset. The information is…

  • CVE-2020-8981 · Feb 13, 2020
    risk 0.00 · cvss n/a · epss 0.01

    A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution of arbitrary code via a repo name (if CSP settings permit it). This is related…

  • CVE-2009-2802 · Nov 9, 2019
    risk 0.00 · cvss n/a · epss 0.01

    MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.

  • CVE-2013-1811 · Nov 7, 2019
    risk 0.00 · cvss n/a · epss 0.01

    An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".

  • CVE-2013-1934 · Oct 31, 2019
    risk 0.00 · cvss n/a · epss 0.01

    A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.

  • CVE-2013-1932 · Oct 31, 2019
    risk 0.00 · cvss n/a · epss 0.01

    A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.

  • CVE-2013-1931 · Oct 31, 2019
    risk 0.00 · cvss n/a · epss 0.02

    A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.

  • CVE-2013-1930 · Oct 31, 2019
    risk 0.00 · cvss n/a · epss 0.01

    MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues.

  • CVE-2018-9839 · Jun 6, 2019
    risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to reproduce,…

  • CVE-2018-6526 · Med · Feb 2, 2018
    risk 0.00 · cvss 5.3 · epss 0.04

    view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.

  • CVE-2014-8987 · Aug 24, 2015
    risk 0.00 · cvss n/a · epss 0.01

    Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different…

  • CVE-2015-1042 · Feb 10, 2015
    risk 0.00 · cvss n/a · epss 0.02

    The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator in the return parameter to…

  • CVE-2014-9573 · Jan 26, 2015
    risk 0.00 · cvss n/a · epss 0.01

    SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.

  • CVE-2014-9572 · Jan 26, 2015
    risk 0.00 · cvss n/a · epss 0.02

    MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4.

  • CVE-2014-9571 · Jan 26, 2015
    risk 0.00 · cvss n/a · epss 0.02

    Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter.

  • CVE-2014-9272 · Jan 9, 2015
    risk 0.00 · cvss n/a · epss 0.02

    The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.

  • CVE-2014-9269 · Jan 9, 2015
    risk 0.00 · cvss n/a · epss 0.02

    Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.

  • CVE-2014-9506 · Jan 4, 2015
    risk 0.00 · cvss n/a · epss 0.01

    MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.

  • CVE-2014-9388 · Dec 17, 2014
    risk 0.00 · cvss n/a · epss 0.02

    bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.

  • CVE-2014-8553 · Dec 17, 2014
    risk 0.00 · cvss n/a · epss 0.02

    The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request.

  • CVE-2014-6316 · Dec 12, 2014
    risk 0.00 · cvss n/a · epss 0.02

    core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php.

  • CVE-2014-9281 · Dec 9, 2014
    risk 0.00 · cvss n/a · epss 0.02

    Cross-site scripting (XSS) vulnerability in admin/copy_field.php in MantisBT before 1.2.18 allows remote attackers to inject arbitrary web script or HTML via the dest_id field.

  • CVE-2014-9280 · Dec 8, 2014
    risk 0.00 · cvss n/a · epss 0.03

    The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter.

  • CVE-2014-9279 · Dec 8, 2014
    risk 0.00 · cvss n/a · epss 0.02

    The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL.

  • CVE-2014-9270 · Dec 8, 2014
    risk 0.00 · cvss n/a · epss 0.02

    Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 through 1.2.17 allows remote attackers to inject arbitrary web script or HTML via the "profile/Platform" field.

  • CVE-2014-9117 · Dec 6, 2014
    risk 0.00 · cvss n/a · epss 0.02

    MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for the…

  • CVE-2014-9089 · Nov 28, 2014
    risk 0.00 · cvss n/a · epss 0.02

    Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.

  • CVE-2014-8988 · Nov 24, 2014
    risk 0.00 · cvss n/a · epss 0.02

    MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a…