| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-28508 | 79 | | XSS | 2022-05-04 | 2022-05-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. |
| 2 | CVE-2022-26144 | 79 | | Exec Code XSS | 2022-04-13 | 2022-04-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed. |
| 3 | CVE-2021-43257 | 1236 | | Exec Code +Priv | 2022-04-14 | 2022-04-22 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. |
| 4 | CVE-2021-33557 | 79 | | XSS | 2021-06-17 | 2021-06-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. |
| 5 | CVE-2020-35849 | 863 | | +Priv | 2020-12-30 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter. |
| 6 | CVE-2020-35571 | 79 | | XSS | 2021-02-22 | 2021-02-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings. |
| 7 | CVE-2020-25830 | 79 | | XSS | 2020-09-30 | 2020-10-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php. |
| 8 | CVE-2020-25781 | 863 | | | 2020-09-30 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly. |
| 9 | CVE-2020-25288 | 79 | | XSS | 2020-09-30 | 2020-10-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitrary JavaScript. |
| 10 | CVE-2020-16266 | 79 | | Exec Code XSS | 2020-08-12 | 2020-08-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CSP settings allow it). |
| 11 | CVE-2019-15715 | 78 | | Exec Code | 2019-10-09 | 2020-09-18 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. |
| 12 | CVE-2019-15539 | 79 | | Exec Code XSS | 2020-03-19 | 2020-03-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page. |
| 13 | CVE-2019-15074 | 79 | | Exec Code XSS | 2019-08-21 | 2019-09-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the issue, whenever My View Page is displayed. |
| 14 | CVE-2018-17783 | 79 | | XSS | 2018-10-30 | 2018-12-07 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. |
| 15 | CVE-2018-17782 | 79 | | XSS | 2018-10-30 | 2018-12-07 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. |
| 16 | CVE-2018-16514 | 79 | | XSS | 2019-06-20 | 2019-06-21 | 2.6 | None | Remote | High | Not required | None | Partial | None | A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-13055. |
| 17 | CVE-2018-14504 | 79 | | Exec Code XSS | 2018-08-03 | 2018-10-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)'). |
| 18 | CVE-2018-13055 | 79 | | XSS | 2018-08-03 | 2018-10-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. |
| 19 | CVE-2018-9839 | 20 | | | 2019-06-06 | 2019-06-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to reproduce, additional information) when cloning it. By checking the 'Copy issue notes' and 'Copy attachments' checkboxes and completing the clone operation, this data also becomes public (except private notes). |
| 20 | CVE-2018-6526 | 200 | | +Info | 2018-02-02 | 2018-04-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php. |
| 21 | CVE-2017-12061 | 79 | | XSS | 2017-08-01 | 2021-11-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP. |
| 22 | CVE-2017-7620 | 352 | | CSRF | 2017-05-21 | 2017-07-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI. |
| 23 | CVE-2017-7615 | 640 | | | 2017-04-16 | 2020-09-18 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. |
| 24 | CVE-2017-7222 | 79 | | XSS | 2017-03-22 | 2017-03-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php). |
| 25 | CVE-2017-6799 | 79 | | XSS | 2017-03-10 | 2019-03-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter. |
| 26 | CVE-2017-6797 | 79 | | XSS | 2017-03-10 | 2019-03-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter. |
| 27 | CVE-2016-7111 | 79 | | XSS | 2017-02-17 | 2017-02-22 | 2.6 | None | Remote | High | Not required | None | Partial | None | MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. |
| 28 | CVE-2016-6837 | 79 | | XSS | 2017-01-10 | 2017-01-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'view_type' parameter. |
| 29 | CVE-2016-5364 | 79 | | XSS | 2017-02-17 | 2017-02-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. |
| 30 | CVE-2015-5059 | 200 | | +Info | 2017-08-01 | 2017-08-07 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to file_download.php. |
| 31 | CVE-2014-9701 | 79 | | XSS | 2017-08-09 | 2017-08-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to permalink_page.php. |
| 32 | CVE-2014-9624 | 287 | | Bypass | 2017-09-12 | 2017-09-20 | 5.0 | None | Remote | Low | Not required | None | Partial | None | CAPTCHA bypass vulnerability in MantisBT before 1.2.19. |
| 33 | CVE-2014-9573 | 89 | | Exec Code Sql | 2015-01-26 | 2017-09-08 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie. |
| 34 | CVE-2014-9572 | 284 | | | 2015-01-26 | 2017-09-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4. |
| 35 | CVE-2014-9571 | 79 | | XSS | 2015-01-26 | 2017-09-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter. |
| 36 | CVE-2014-9506 | 200 | | +Info | 2015-01-04 | 2017-01-03 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues. |
| 37 | CVE-2014-9388 | 284 | | | 2014-12-17 | 2017-01-03 | 5.0 | None | Remote | Low | Not required | None | Partial | None | bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter. |
| 38 | CVE-2014-9281 | 79 | | XSS | 2014-12-09 | 2017-09-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in admin/copy_field.php in MantisBT before 1.2.18 allows remote attackers to inject arbitrary web script or HTML via the dest_id field. |
| 39 | CVE-2014-9280 | 94 | | Exec Code | 2014-12-08 | 2017-09-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter. |
| 40 | CVE-2014-9117 | 284 | | Bypass | 2014-12-06 | 2017-09-08 | 5.0 | None | Remote | Low | Not required | None | Partial | None | MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for the public_key value 0. |
| 41 | CVE-2014-9089 | 89 | | Exec Code Sql | 2014-11-28 | 2017-01-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php. |
| 42 | CVE-2014-8598 | 19 | | Exec Code +Info | 2014-11-18 | 2017-09-08 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code. |
| 43 | CVE-2014-8554 | 89 | | Exec Code Sql | 2014-11-13 | 2021-01-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609. |
| 44 | CVE-2014-8553 | 200 | | +Info | 2014-12-17 | 2017-09-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request. |
| 45 | CVE-2014-6387 | 287 | | Bypass | 2014-10-22 | 2021-01-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None | gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. |
| 46 | CVE-2014-6316 | | | | 2014-12-12 | 2017-09-08 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php. |
| 47 | CVE-2014-1609 | 89 | | Exec Code Sql | 2014-03-20 | 2021-01-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in core/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter, or (7) summary_print_by_category function in core/summary_api.php; the (8) create_bug_enum_summary or (9) enum_bug_group function in plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php or (11) bug_graph_bystatus.php in plugins/MantisGraph/pages/; or (12) proj_doc_page.php, related to use of the db_query function, a different vulnerability than CVE-2014-1608. |
| 48 | CVE-2014-1608 | 89 | | Exec Code Sql | 2014-03-18 | 2021-01-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request. |
| 49 | CVE-2013-1934 | 79 | | XSS | 2019-10-31 | 2019-11-01 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value. |
| 50 | CVE-2013-1930 | 20 | | | 2019-10-31 | 2019-11-07 | 4.0 | None | Remote | Low | ??? | None | Partial | None | MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues. |