Lucene search

14 matches found

OSV
added 2026/05/11 7:33 p.m., 6 views

GHSA-CRMX-4P49-46M2 MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked

MantisBT allows a bugnote author to access the note's Revisions page after losing access to the parent private issue. Impact: Disclosure of the private Issue's Id and Summary. The bugnote full revision body remains secure. Patches: 71df1f67e05b2050cd4bd87839e6cc13747cf03f. Workarounds: None. Credits...

CVSS 5.3, AI score 5.8, EPSS 0.00015
Exploits: 0, References: 5
Positive Technologies
added 2026/05/11 12:0 a.m., 4 views

PT-2026-39879

Name of the Vulnerable Software and Affected Versions: Mantis Bug Tracker MantisBT versions prior to 2.28.2. Description: A bugnote author can access the Revisions page of a note even after losing access to the parent private issue. This leads to the disclosure of the private issue's ID and summary,...

CVSS 5.3, AI score 5.8, EPSS 0.00015
Exploits: 0, References: 6
RedhatCVE
added 2026/01/22 12:20 a.m., 2 views

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

CVSS 5.4, AI score 5.7, EPSS 0.0007
Exploits: 1, References: 1
OSV
added 2026/01/21 5:16 p.m., 1 views

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

CVSS 5.4, AI score 5.9, EPSS 0.0007
Exploits: 1, References: 2
Positive Technologies
added 2026/01/21 12:0 a.m., 3 views

PT-2026-3781

Name of the Vulnerable Software and Affected Versions: WorklogPRO - Timesheets for Jira versions prior to 4.23.6-jira10; WorklogPRO - Timesheets for Jira versions prior to 4.23.5-jira9. Description: The WorklogPRO - Timesheets for Jira plugin contains a flaw that allows the injection of arbitrary HTM...

CVSS 5.4, AI score 5.6, EPSS 0.0007
Exploits: 1, References: 4
Vulnrichment
added 2026/01/21 12:0 a.m., 2 views

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

AI score 5.7, EPSS 0.0007
Exploits: 1, References: 2
Cvelist
added 2026/01/21 12:0 a.m., 15 views

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

EPSS 0.0007
Exploits: 1, References: 2
ATTACKERKB
added 2026/01/21 12:0 a.m., 1 views

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

CVSS 5.4, AI score 5.6, EPSS 0.0007
Exploits: 1, References: 3
CVE
added 2026/01/21 12:0 a.m., 6 views

CVE-2025-57681

The CVE-2025-57681 entry covers a Cross-Site Scripting (XSS) vulnerability in the WorklogPRO - Timesheets for Jira plugin for Jira Data Center. Concrete details from connected sources show: affected software and versions (WorklogPRO - Timesheets for Jira ≤ before 4.23.6-jira10 and ≤ before 4.23.5...

CVSS 5.4, AI score 5.7, EPSS 0.0007
Exploits: 1, References: 2, Affected Software: 1
Atlassian
added 2025/03/11 2:55 p.m., 13 views

Dummy Issue

Issue Summary: This issue is created to test the automation rule to restrict the access level in case of a security bug. Steps to Reproduce: Dummy step 1, Dummy step 2. Expected Results: Dummy. Actual Results: The below exception is thrown in the xxxxxxx.log file: noformat ... noformat h...

AI score 7
Exploits: 0, Affected Software: 1
Debian CVE
added 2024/06/27 10:30 a.m., 365 views

CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour or ...

CVSS 9.1, AI score 7.2, EPSS 0.06873
Exploits: 1
Debian CVE
added 2024/05/16 3:21 p.m., 39 views

CVE-2024-4603

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check or EVP_PKEY_public_check to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

CVSS 5.3, AI score 7.4, EPSS 0.00092
Exploits: 0
Huntr
added 2022/03/28 6:1 a.m., 28 views

Non Privilege User can Enable or Disable Registered

Vulnerability Type: Insecure Direct Object Reference. Affected URL: https://localhost/openemr-6.0.0/interface/modules/zendmodules/public/Installer/manage Affected Parameters: “modAction=enabled”. Authentication Required? Yes. Issue Summary: Non-privilege users accounting & front-office can disable and...

CVSS 4, AI score 0.3, EPSS 0.01648
Exploits: 2, References: 1
Tenable Nessus
added 2021/03/11 12:0 a.m., 21 views

FreeBSD : mantis -- multiple vulnerabilities (2dc8927b-54e0-11eb-9342-1c697a013f4b)

Mantis 2.24.4 release reports: Security and maintenance release, addressing 6 CVEs:
- 0027726: CVE-2020-29603: disclosure of private project name
- 0027727: CVE-2020-29605: disclosure of private issue summary
- 0027728: CVE-2020-29604: full disclosure of private issue contents, including bugnot...

CVSS 7.5, AI score 6.1, EPSS 0.01737
Exploits: 7, References: 3