Lucene search
K

414 matches found

NVD
NVD
added 2026/05/19 10:16 p.m.18 views

CVE-2026-34463

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...

8.6CVSS0.00444EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/19 10:6 p.m.36 views

CVE-2026-34579 MantisBT has an authorization bypass via private issue monitoring

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS0.00363EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/19 10:6 p.m.9 views

CVE-2026-34579 MantisBT has an authorization bypass via private issue monitoring

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/19 10:6 p.m.16 views

EUVD-2026-30996

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/19 10:6 p.m.11 views

CVE-2026-34579

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/19 9:57 p.m.26 views

CVE-2026-34463 MantisBT has Stored HTML Injection/XSS via Clone Issue Form

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...

8.6CVSS0.00444EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:57 p.m.7 views

CVE-2026-34463

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...

8.6CVSS5.7AI score0.00444EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/19 9:57 p.m.18 views

CVE-2026-34463

CVE-2026-34463 affects MantisBT prior to 2.28.2. When cloning an issue from a different project, the clone form (bug_report_page.php) prepends the source project name before the category selector without proper escaping, allowing stored HTML injection (XSS) if an attacker can set the project name...

8.6CVSS5.7AI score0.00444EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/19 9:57 p.m.7 views

CVE-2026-34463 MantisBT has Stored HTML Injection/XSS via Clone Issue Form

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...

8.6CVSS5.7AI score0.00444EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/19 9:57 p.m.11 views

EUVD-2026-30998

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...

8.6CVSS5.7AI score0.00444EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/19 9:54 p.m.12 views

EUVD-2026-30994

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level manager by default to...

5.1CVSS5.8AI score0.00427EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/19 9:54 p.m.8 views

CVE-2026-34390 MantisBT: Privilege Escalation from Manager to Administrator

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level manager by default to...

5.1CVSS5.8AI score0.00427EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:54 p.m.8 views

CVE-2026-34390

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level manager by default to...

5.1CVSS5.8AI score0.00427EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/19 9:54 p.m.19 views

CVE-2026-34390

MantisBT before 2.28.2 is affected by a Privilege Escalation in ProjectUsersAddCommand (manage_proj_user_add.php). A user with manage_project_threshold (default manager) can forge a higher access_level value and grant project-level administrator rights to any user within a project they manage, by...

5.1CVSS5.8AI score0.00427EPSS
Exploits0References4
NVD
NVD
added 2026/05/19 2:16 a.m.18 views

CVE-2026-33052

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS0.0034EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:29 a.m.7 views

CVE-2026-33052

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS5.7AI score0.0034EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/19 12:29 a.m.14 views

EUVD-2026-30820

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS5.7AI score0.0034EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/19 12:29 a.m.45 views

CVE-2026-33052 MantisBT: Authorization Bypass in Global Profile Creation

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS0.0034EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

Mantis Bug Tracker 跨站脚本漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker 2.28.1 and earlier had a cross-site scripting vulnerability. This vulnerability occurred when cloning issues from other projects, where the clone form added the source project...

8.6CVSS5.7AI score0.00444EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Mantis Bug Tracker 访问控制错误漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker 2.28.1 and earlier contained a access control vulnerability. This vulnerability stemmed from insufficient access control checks in the ProjectUsersAddCommand, allowing users...

5.1CVSS5.8AI score0.00427EPSS
Exploits0References1
Rows per page
Query Builder