218 matches found
MantisBT has Stored XSS on Move Attachments Admin Page
Unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. Impact Cross-site scripting XSS. This is mitigated by Content Security Policy which restricts scripts execution. Patches -...
GHSA-FVJF-68WH-RWP2 MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form
When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector without proper escaping, allowing an attacker able to to inject HTML if they can set the Project's name which typically...
MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form
When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector without proper escaping, allowing an attacker able to to inject HTML if they can set the Project's name which typically...
Cross-site Scripting (XSS)
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bugreportpage.php process when cloning an issue from a different project, due to improper escaping of the source project name. An attacker with sufficient...
PT-2026-39899
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions 1.3.0 through 2.28.1 Description An issue exists where an unescaped Project Name allows an attacker with manager or administrator access levels to inject HTML into the Move Attachments admin page. This lead...
PT-2026-39875
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions prior to 2.28.2 Description A Stored Cross-Site Scripting XSS issue exists when cloning an issue from a project other than the current one. The clone form 'bug report page.php' prepends the source project...
EUVD-2019-20054
ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigger an application...
CVE-2019-25659
ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigger an application...
CVE-2019-25659
ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigger an application...
CVE-2019-25659 ASPRunner Professional 6.0.766 Local Buffer Overflow DoS
ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigger an application...
CVE-2019-25659 ASPRunner Professional 6.0.766 Local Buffer Overflow DoS
ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigger an application...
CVE-2019-25659
ASPRunner Professional 6.0.766 is affected by a local buffer overflow in the Project name field during project creation, which can trigger a denial of service via excessively long input (180+ characters). The CVE entry documents the crash as the impact; no remediation details are provided in the ...
Xlinesoft ASPRunner Professional 缓冲区错误漏洞
Xlinesoft ASPRunner Professional is a database-driven web application development tool provided by Xlinesoft Corporation in the United States. Version 6.0.766 of Xlinesoft ASPRunner Professional contains a buffer overflow vulnerability. This vulnerability stems from a local buffer overflow in the...
PT-2026-30468
ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigger an application...
CVE-2026-3051 DataLinkDC dinky Project Name GitRepository.java getProjectDir path traversal
A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the component Project Name Handler. Such manipulation of the argument projectName leads to path traversal...
Dinky 路径遍历漏洞
Dinky is an open-source real-time computing platform developed by DataLinkDC. Versions of Dinky 1.2.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter projectName in the getProjectDir function of the Project Name Handler...
CVE-2019-25330
SurfOffline Professional 2.2.0.103 contains a structured exception handler SEH overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to...
CVE-2019-25330
CVE-2019-25330 affects SurfOffline Professional 2.2.0.103 via a structured exception handler (SEH) overflow in the project name input. An attacker can crash the application by supplying a crafted payload (e.g., 382 'A' characters followed by specific byte sequences), resulting in a denial of serv...
CVE-2019-25330
SurfOffline Professional 2.2.0.103 contains a structured exception handler SEH overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to...
CVE-2019-25330 SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)
SurfOffline Professional 2.2.0.103 contains a structured exception handler SEH overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to...