Lucene search
K

1149 matches found

Github Security Blog
Github Security Blog
added 2026/03/25 7:56 p.m.9 views

MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation

Improper escaping of Tag name when deleting it in tagdelete.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Impact Cross-site scripting XSS. Patches 80990f43153167c73f11eb4b2bc7108d0c3d6b46 Workarounds Revert commit...

8.6CVSS6AI score0.00243EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.4 views

MantisBT < 2.28.1 SOAP API Authentication Bypass (GHSA-phrq-pc6r-f6gh)

The version of MantisBT installed on the remote host is prior to 2.28.1. It is, therefore, affected by a vulnerability: - An authentication bypass vulnerability exists in the SOAP API due to improper type checking on the password parameter when running on MySQL family databases. Using a crafted...

9.8CVSS6AI score0.00413EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.10 views

MantisBT 2.28.x < 2.28.2 Timeline Tag Name XSS (GHSA-73vx-49mv-v8w5)

The version of MantisBT installed on the remote host is 2.28.x prior to 2.28.2. It is, therefore, affected by a vulnerability: - A cross-site scripting XSS vulnerability exists in the Timeline view myviewpage.php due to improper escaping of tag names retrieved from History. An attacker can inject...

8.6CVSS6.1AI score0.00196EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.6 views

MantisBT 2.28.0 Tag Deletion XSS (GHSA-fh48-f69w-7vmp)

The version of MantisBT installed on the remote host is 2.28.0. It is, therefore, affected by a vulnerability: - A cross-site scripting XSS vulnerability exists in the tag deletion confirmation page tagdelete.php due to improper escaping of the tag name when displaying the confirmation message. A...

8.6CVSS6.2AI score0.00243EPSS
Exploits0References2
OSV
OSV
added 2026/03/23 7:15 p.m.10 views

CVE-2026-33548 MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...

8.6CVSS6.1AI score0.00196EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/01/23 9:45 p.m.232 views

Exploit for OS Command Injection in Mantisbt

CVE-2019...

7.2CVSS5.4AI score0.30003EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.9 views

CVE-2023-49802

The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked via the plugin an...

6.7CVSS6AI score0.0066EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 5:47 a.m.6 views

Authentication Bypass

mantisbt/mantisbt is vulnerable to Authentication Bypass. The vulnerability is due to the use of loose comparison == instead of strict comparison === in authentication logic, which allows an attacker to exploit MD5 hash collisions interpreted as numeric zero and gain unauthorized access without...

9.1CVSS5.8AI score0.00326EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2025/11/04 8:48 p.m.79 views

CVE-2025-55155

CVE-2025-55155 affects MantisBT up to version 2.27.1, where changing a user’s email address isn’t validated for ownership. This can lead to storing an invalid email and potential information disclosure via notifications sent to another user’s address. The issue is fixed in version 2.27.2. Affecte...

5.4CVSS6AI score0.00149EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/04 8:31 p.m.3 views

CVE-2025-47776 MantisBT: Authentication bypass for some passwords due to PHP type juggling

Mantis Bug Tracker MantisBT is an open source issue tracker. Due to incorrect use of loose == instead of strict === comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instanc...

8.8CVSS6.9AI score0.00326EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/04 12:20 a.m.5 views

EUVD-2025-37509

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes tested with 4,788,761 characters due to a lack of server-side validation of note length. Once such a note is added,...

6.5CVSS6.2AI score0.00375EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.7 views

MantisBT 授权问题漏洞

MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. An authorization issue vulnerability exists in MantisBT 2.27.1 and earlier versions, which stems from insufficient...

5.3CVSS6.5AI score0.00241EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.8 views

MantisBT 安全漏洞

MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in a web-operated format. A security vulnerability exists in MantisBT 2.27.1 and earlier versions that stems from the use of loose comparisons...

9.1CVSS6.5AI score0.00326EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.4 views

MantisBT 安全漏洞

MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in a web-operated format. A security vulnerability exists in MantisBT 2.27.1 and earlier versions, which stems from an unvalidated comment length...

7.5CVSS6.5AI score0.00375EPSS
Exploits0References4
OSV
OSV
added 2025/11/03 8:13 p.m.5 views

GHSA-G582-8VWR-68H2 MantisBT unauthorized disclosure of private project column configuration

Impact Due to insufficient access-level checks, any non-admin user having access to manageconfigcolumnspage.php typically project managers having MANAGER role can use the Copy From action to retrieve the columns configuration from a private project they have no access to. Access to the reverse...

5.3CVSS6.9AI score0.00241EPSS
Exploits1References5
OSV
OSV
added 2025/11/03 8:12 p.m.5 views

GHSA-Q747-C74M-69PR MantisBT lacks verification when changing a user's email address

When a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. Impact This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person'...

5.4CVSS6.5AI score0.00149EPSS
Exploits1References5
OSV
OSV
added 2025/11/03 5:7 p.m.8 views

GHSA-R3JF-HM7Q-QFW5 MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length

A lack of server-side validation for note length in MantisBT allows attackers to permanently corrupt issue activity logs by submitting extremely long notes tested with 4,788,761 characters. Once such a note is added: Impact - The entire activity stream becomes unviewable UI fails to render. - New...

6.5CVSS6.8AI score0.00375EPSS
Exploits0References6
OSV
OSV
added 2025/11/03 5:7 p.m.4 views

GHSA-4V8W-GG5J-PH37 MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling

Due to an incorrect use of loose == instead of strict === comparison in the authentication code1, PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation. 1:...

9.1CVSS5.9AI score0.00326EPSS
Exploits0References6
EUVD
EUVD
added 2025/11/03 5:7 p.m.5 views

EUVD-2025-37510

MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling...

6.7AI score0.00326EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/11/03 5:7 p.m.8 views

MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling

Due to an incorrect use of loose == instead of strict === comparison in the authentication code1, PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation. 1:...

9.1CVSS5.9AI score0.00326EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder