
Search CVE reports



1 – 10 of 116 results


CVE-2020-28413

Low priority

Not in release

In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.

1 affected packages

mantis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mantis Not in release Not in release Not in release

CVE-2020-25830

Medium priority

Not in release

An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said...

1 affected packages

mantis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mantis Not in release Not in release Not in release

CVE-2020-25781

Medium priority

Not in release

An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing...

1 affected packages

mantis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mantis Not in release Not in release Not in release

CVE-2020-25288

Unknown priority

Not in release

An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute...

1 affected packages

mantis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mantis Not in release Not in release Not in release

CVE-2009-2802

Medium priority
Not affected

MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.

1 affected packages

mantis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mantis

CVE-2013-1811

Medium priority
Ignored

An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".

1 affected packages

mantis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mantis Not in release

CVE-2013-1934

Medium priority
Ignored

A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.

1 affected packages

mantis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mantis Not in release

CVE-2013-1932

Medium priority
Not affected

A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.

1 affected packages

mantis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mantis

CVE-2013-1931

Medium priority
Not affected

A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.

1 affected packages

mantis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mantis

CVE-2013-1930

Medium priority
Not affected

MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues.

1 affected packages

mantis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mantis