Search CVE reports
1 – 10 of 116 results
CVE-2020-28413
Low priority
Not in release
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.
1 affected package
mantis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mantis | — | — | Not in release | Not in release | Not in release |
CVE-2020-25830
Medium priority
Not in release
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said...
1 affected package
mantis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mantis | — | — | Not in release | Not in release | Not in release |
CVE-2020-25781
Medium priority
Not in release
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing...
1 affected package
mantis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mantis | — | — | Not in release | Not in release | Not in release |
CVE-2020-25288
Unknown priority
Not in release
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute...
1 affected package
mantis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mantis | — | — | Not in release | Not in release | Not in release |
CVE-2009-2802
Medium priority
MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.
1 affected package
mantis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mantis | — | — | — | — | — |
CVE-2013-1811
Medium priority
An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
1 affected package
mantis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mantis | — | — | — | — | Not in release |
CVE-2013-1934
Medium priority
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.
1 affected package
mantis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mantis | — | — | — | — | Not in release |
CVE-2013-1932
Medium priority
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
1 affected package
mantis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mantis | — | — | — | — | — |
CVE-2013-1931
Medium priority
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.
1 affected package
mantis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mantis | — | — | — | — | — |
CVE-2013-1930
Medium priority
MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues.
1 affected package
mantis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mantis | — | — | — | — | — |