Mantisbt - Vulncode-DB

Product:
Mantisbt
(Mantisbt)

Repositories	https://github.com/mantisbt/mantisbt
#Vulnerabilities	92

Date	ID	Summary	Products	Score	Patch
2020-03-19	CVE-2019-15539	The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page.	Mantisbt	N/A
2019-11-09	CVE-2009-2802	MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.	Mantisbt	N/A
2019-11-07	CVE-2013-1811	An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".	Debian_linux, Mantisbt	N/A
2019-10-31	CVE-2013-1930	MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.	Fedora, Mantisbt	N/A
2019-10-31	CVE-2013-1931	A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.	Fedora, Mantisbt	N/A
2019-10-31	CVE-2013-1932	A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.	Mantisbt	N/A
2019-10-31	CVE-2013-1934	A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.	Debian_linux, Mantisbt	N/A
2019-10-09	CVE-2019-15715	MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.	Mantisbt	N/A
2019-08-21	CVE-2019-15074	The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the issue, whenever My View Page is displayed.	Mantisbt	9.6
2019-06-20	CVE-2018-16514	A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-13055.	Mantisbt	4.7