Filtered by vendor Mantisbt
Subscribe
Total
113 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-22476 | 1 Mantisbt | 1 Mantisbt | 2023-03-03 | N/A | 4.3 MEDIUM |
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds. | |||||
CVE-2019-15715 | 1 Mantisbt | 1 Mantisbt | 2023-01-20 | 6.5 MEDIUM | 7.2 HIGH |
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. | |||||
CVE-2017-7615 | 1 Mantisbt | 1 Mantisbt | 2023-01-20 | 6.5 MEDIUM | 8.8 HIGH |
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | |||||
CVE-2022-33910 | 1 Mantisbt | 1 Mantisbt | 2022-07-06 | 3.5 LOW | 5.4 MEDIUM |
An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute. | |||||
CVE-2022-28508 | 1 Mantisbt | 1 Mantisbt | 2022-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. | |||||
CVE-2021-43257 | 1 Mantisbt | 1 Mantisbt | 2022-04-22 | 6.0 MEDIUM | 7.8 HIGH |
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. | |||||
CVE-2022-26144 | 1 Mantisbt | 1 Mantisbt | 2022-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed. | |||||
CVE-2017-12061 | 1 Mantisbt | 1 Mantisbt | 2021-11-01 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP. | |||||
CVE-2020-35849 | 1 Mantisbt | 1 Mantisbt | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter. | |||||
CVE-2020-25781 | 1 Mantisbt | 1 Mantisbt | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly. | |||||
CVE-2021-33557 | 1 Mantisbt | 1 Mantisbt | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. | |||||
CVE-2017-6958 | 1 Mantisbt | 1 Source Integration | 2021-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter. | |||||
CVE-2009-20001 | 1 Mantisbt | 1 Mantisbt | 2021-03-11 | 5.5 MEDIUM | 8.1 HIGH |
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them. | |||||
CVE-2014-9271 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2021-03-04 | 4.3 MEDIUM | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename. | |||||
CVE-2020-35571 | 1 Mantisbt | 1 Mantisbt | 2021-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings. | |||||
CVE-2020-29603 | 2 Mantisbt, Microsoft | 2 Mantisbt, Windows | 2021-01-29 | 4.0 MEDIUM | 4.3 MEDIUM |
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them. | |||||
CVE-2020-29604 | 2 Mantisbt, Microsoft | 2 Mantisbt, Windows | 2021-01-29 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information. | |||||
CVE-2020-29605 | 2 Mantisbt, Microsoft | 2 Mantisbt, Windows | 2021-01-29 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view status, or belong to a private Project.) | |||||
CVE-2020-36192 | 1 Mantisbt | 1 Source Integration | 2021-01-22 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private Project), if they are attached to an existing Changeset. The information is visible on the view.php page, as well as on the list.php page (a pop-up on the Affected Issues id hyperlink). Additionally, if the attacker has "Update threshold" in the plugin's configuration (set to the "updater" access level by default), then they can link any Issue to a Changeset by entering the Issue's Id, even if they do not have access to it. | |||||
CVE-2013-4460 | 1 Mantisbt | 1 Mantisbt | 2021-01-12 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name. |