Mantisbt Security Vulnerabilities
MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround,...
8.3CVSS
7.6AI Score
0.0004EPSS
MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit 65c44883f which has been included in release...
4.3CVSS
4.5AI Score
0.001EPSS
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the Summary field of private Issues (i.e. having Private view status, or belonging to a private...
4.3CVSS
4.5AI Score
0.001EPSS
An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the...
5.4CVSS
5.3AI Score
0.001EPSS
An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input...
6.1CVSS
5.9AI Score
0.001EPSS
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in...
7.8CVSS
7.7AI Score
0.093EPSS
An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is...
6.1CVSS
6.2AI Score
0.001EPSS
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input...
6.1CVSS
6.5AI Score
0.001EPSS
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as...
8.1CVSS
7.3AI Score
0.001EPSS
An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP...
6.1CVSS
7.5AI Score
0.001EPSS
An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view.....
4.3CVSS
7.3AI Score
0.001EPSS
An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status,....
6.5CVSS
7.3AI Score
0.001EPSS
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to...
4.3CVSS
7.3AI Score
0.001EPSS
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API...
6.5CVSS
7.1AI Score
0.001EPSS
An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id...
7.5CVSS
7.3AI Score
0.003EPSS
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL...
4.3CVSS
4.6AI Score
0.001EPSS
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via...
4.8CVSS
5.1AI Score
0.001EPSS
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of...
4.8CVSS
5.3AI Score
0.001EPSS
An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if.....
5.4CVSS
7AI Score
0.001EPSS
The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the...
6.1CVSS
6AI Score
0.001EPSS
MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser...
6.1CVSS
6.1AI Score
0.001EPSS
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a...
6.1CVSS
5.7AI Score
0.002EPSS
MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close...
4.3CVSS
4.9AI Score
0.002EPSS
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex...
5.4CVSS
4.9AI Score
0.003EPSS
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project...
5.4CVSS
5AI Score
0.002EPSS
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code...
7.2CVSS
7.2AI Score
0.018EPSS
The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user having visibility to.....
9.6CVSS
6AI Score
0.003EPSS
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. NOTE: this...
4.7CVSS
5.4AI Score
0.002EPSS
An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to reproduce, additional information) when....
6.5CVSS
6.6AI Score
0.001EPSS
A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project...
5.4CVSS
5.4AI Score
0.001EPSS
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project...
5.4CVSS
5.4AI Score
0.001EPSS
An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar"...
6.1CVSS
6.2AI Score
0.002EPSS
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted...
6.1CVSS
5.3AI Score
0.002EPSS
view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in...
5.3CVSS
6.8AI Score
0.003EPSS
MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on...
3.3CVSS
5.2AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.003EPSS
6.1CVSS
6AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to...
6.5CVSS
6.1AI Score
0.002EPSS
If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in...
4.9CVSS
6.8AI Score
0.001EPSS
An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by...
6.1CVSS
6.1AI Score
0.002EPSS
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is...
6.1CVSS
6.8AI Score
0.002EPSS
The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to...
5.3CVSS
5AI Score
0.002EPSS
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial / substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via...
6.5CVSS
6.5AI Score
0.004EPSS
A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a...
6.1CVSS
6AI Score
0.002EPSS
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to...
8.8CVSS
8.8AI Score
0.974EPSS
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. This is fixed in 1.3.9,...
4.8CVSS
5AI Score
0.008EPSS
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and...
4.8CVSS
5AI Score
0.053EPSS
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and...
4.8CVSS
5AI Score
0.004EPSS
A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration...
6.1CVSS
5.9AI Score
0.001EPSS
A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type'...
6.1CVSS
5.9AI Score
0.002EPSS