Product: Mantisbt (Mantisbt)

Repositories: https://github.com/mantisbt/mantisbt
#Vulnerabilities: 92
| Date | ID | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2020-03-19 | CVE-2019-15539 | The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page. | Mantisbt | N/A | |
| 2019-11-09 | CVE-2009-2802 | MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks. | Mantisbt | N/A | |
| 2019-11-07 | CVE-2013-1811 | An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". | Debian_linux, Mantisbt | N/A | |
| 2019-10-31 | CVE-2013-1930 | MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues. | Fedora, Mantisbt | N/A | |
| 2019-10-31 | CVE-2013-1931 | A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. | Fedora, Mantisbt | N/A | |
| 2019-10-31 | CVE-2013-1932 | A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name. | Mantisbt | N/A | |
| 2019-10-31 | CVE-2013-1934 | A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value. | Debian_linux, Mantisbt | N/A | |
| 2019-10-09 | CVE-2019-15715 | MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. | Mantisbt | N/A | |
| 2019-08-21 | CVE-2019-15074 | The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the issue, whenever My View Page is displayed. | Mantisbt | 9.6 | |
| 2019-06-20 | CVE-2018-16514 | A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-13055. | Mantisbt | 4.7 | |