414 matches found

Github Security Blog | added 2024/05/13 2:57 p.m.

Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process

Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e. for 5 minutes after t...

CVSS 7.3 | AI score 6.6 | EPSS 0.01186
Exploits: 1 | References: 5 | Affected software: 1
Positive Technologies | added 2024/05/13 12:0 a.m.

PT-2024-25692 · Mantisbt · Mantisbt

Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 2.26.2 Description: The issue is related to improper escaping of a custom field's name, allowing an attacker to inject HTML and potentially execute arbitrary JavaScript when certain conditions are met, such as...

CVSS 6.6 | AI score 7.4 | EPSS 0.00642
Exploits: 0 | References: 10
NVD | added 2023/10/16 10:15 p.m.

CVE-2023-44394

MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit 65c44883f which has been included in release...

CVSS 4.3 | AI score 4.4 | EPSS 0.00594
Exploits: 0 | References: 3
CVE | added 2023/10/16 9:0 p.m.

CVE-2023-44394

MantisBT is vulnerable to information disclosure due to insufficient access checks on the Wiki redirection page, allowing any user to reveal private project names by accessing wiki.php with sequential IDs. The issue has been addressed in commit 65c44883f9d24f3ccef066fb523c93d8fdd7afc1 and include...

CVSS 4.3 | AI score 4.3 | EPSS 0.00594
Exploits: 0 | References: 3 | Affected software: 1
Vulnrichment | added 2023/10/16 9:0 p.m.

CVE-2023-44394 Disclosure of project names to unauthorized users in MantisBT

MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit 65c44883f which has been included in release...

CVSS 4.3 | AI score 4.3 | EPSS 0.00594
Exploits: 0 | References: 3
OSV | added 2023/10/16 9:0 p.m.

CVE-2023-44394 Disclosure of project names to unauthorized users in MantisBT

MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit 65c44883f which has been included in release...

CVSS 4.3 | AI score 4.6 | EPSS 0.00594
Exploits: 0 | References: 5
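The CVE-2023-44394 entries above describe an enumeration pattern (sequentially incremented ids against wiki.php) that leaves a clear footprint in the web server access log. The following detection logic is an added example, not code from MantisBT or from any of the sources listed; the log lines are constructed for the example, the request path /mantis/wiki.php and the 60-second window and run length of 5 are assumptions, and the thresholds should be tuned to the deployment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined-log style), not real MantisBT traffic.
# 10.0.0.5 walks wiki.php?id= sequentially; 10.0.0.9 is ordinary browsing.
SAMPLE_LOG = """\
10.0.0.5 - - [16/Oct/2023:10:15:01 +0000] "GET /mantis/wiki.php?id=1 HTTP/1.1" 302 0
10.0.0.5 - - [16/Oct/2023:10:15:02 +0000] "GET /mantis/wiki.php?id=2 HTTP/1.1" 302 0
10.0.0.5 - - [16/Oct/2023:10:15:02 +0000] "GET /mantis/wiki.php?id=3 HTTP/1.1" 302 0
10.0.0.5 - - [16/Oct/2023:10:15:03 +0000] "GET /mantis/wiki.php?id=4 HTTP/1.1" 302 0
10.0.0.5 - - [16/Oct/2023:10:15:03 +0000] "GET /mantis/wiki.php?id=5 HTTP/1.1" 302 0
10.0.0.5 - - [16/Oct/2023:10:15:04 +0000] "GET /mantis/wiki.php?id=6 HTTP/1.1" 302 0
10.0.0.9 - - [16/Oct/2023:10:20:00 +0000] "GET /mantis/wiki.php?id=7 HTTP/1.1" 302 0
10.0.0.9 - - [16/Oct/2023:10:31:00 +0000] "GET /mantis/wiki.php?id=12 HTTP/1.1" 302 0
10.0.0.9 - - [16/Oct/2023:10:32:00 +0000] "GET /mantis/view.php?id=12 HTTP/1.1" 200 5120
"""

# Combined log format: client, identd, user, [timestamp], "request", status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Only the wiki redirection page is of interest here (assumed path prefix /mantis/).
WIKI_ID_RE = re.compile(r"/wiki\.php\?(?:[^#]*&)?id=(\d+)")


def parse(log_text):
    """Yield (client_ip, timestamp, wiki_id) for every wiki.php?id= request."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        idm = WIKI_ID_RE.search(m["path"])
        if not idm:
            continue
        yield m["ip"], datetime.strptime(m["ts"], TS_FMT), int(idm.group(1))


def find_enumerators(log_text, window=timedelta(seconds=60), min_run=5):
    """Return {client_ip: longest run of consecutive ids} for clients that
    requested at least `min_run` consecutive wiki ids, each request no more
    than `window` after the previous one. Normal browsing follows links and
    rarely produces long consecutive runs; an IDOR sweep almost always does."""
    by_ip = defaultdict(list)
    for ip, ts, wid in parse(log_text):
        by_ip[ip].append((ts, wid))

    hits = {}
    for ip, events in by_ip.items():
        events.sort()                      # chronological order per client
        best = run = 1
        for (t0, i0), (t1, i1) in zip(events, events[1:]):
            if i1 == i0 + 1 and t1 - t0 <= window:
                run += 1
            else:
                run = 1
            best = max(best, run)
        if best >= min_run:
            hits[ip] = best
    return hits


if __name__ == "__main__":
    for ip, run in find_enumerators(SAMPLE_LOG).items():
        print(f"possible id enumeration from {ip}: {run} consecutive wiki ids")
```

The check keys on consecutive ids rather than on request volume, so it does not fire on a busy but legitimate user, and it works on the access log alone, which matters because the vulnerable page returned a redirect (302) with no application-level audit record of the lookup.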
Tenable Nessus | added 2023/03/09 12:0 a.m.

FreeBSD : mantis -- multiple vulnerabilities (bed545c6-bdb8-11ed-bca8-a33124f1beb1)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bed545c6-bdb8-11ed-bca8-a33124f1beb1 advisory. - moment is a JavaScript date library for parsing, validating, manipulating, and formatting...

CVSS 7.5 | AI score 6.3 | EPSS 0.03949
Exploits: 2 | References: 5
Prion | added 2023/02/23 7:15 p.m.

Design/Logic Flaw

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access the Summary field of private Issues (i.e. having Private view status, or belonging to a private Proje...

CVSS 4.0 | AI score 4.5 | EPSS 0.00608
Exploits: 1 | References: 2 | Affected software: 1
CVE | added 2023/02/23 7:0 p.m.

CVE-2023-22476

Summary: CVE-2023-22476 affects MantisBT (Mantis Bug Tracker) before 2.25.6 where insufficient access checks allow any logged‑in user with Group Actions privileges to read the Summary of private issues via a crafted bug_arr[] in bug_actiongroup_ext.php. Root cause: inadequate access control on pr...

CVSS 4.3 | AI score 4.1 | EPSS 0.00608
Exploits: 1 | References: 2 | Affected software: 1
Vulnrichment | added 2023/02/23 7:0 p.m.

CVE-2023-22476 MantisBT: Exposure of Private issues' summary to unauthorized users

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access the Summary field of private Issues (i.e. having Private view status, or belonging to a private Proje...

CVSS 4.3 | AI score 5.1 | EPSS 0.00608
Exploits: 1 | References: 2
OSV | added 2023/02/23 7:0 p.m.

CVE-2023-22476 MantisBT: Exposure of Private issues' summary to unauthorized users

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access the Summary field of private Issues (i.e. having Private view status, or belonging to a private Proje...

CVSS 4.3 | AI score 4.4 | EPSS 0.00608
Exploits: 1 | References: 4
Positive Technologies | added 2023/02/23 12:0 a.m.

PT-2023-18528 · Unknown · Mantis Bug Tracker

Name of the Vulnerable Software and Affected Versions: Mantis Bug Tracker versions prior to 2.25.6 Description: The issue is caused by insufficient access-level checks, allowing any logged-in user who can perform Group Actions to access the Summary field of private Issues via a crafted bug_arr...

CVSS 4.3 | AI score 4.2 | EPSS 0.00608
Exploits: 1 | References: 8
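The CVE-2023-22476 entries above share one root cause: a batch endpoint checks whether the caller may use group actions at all, but never checks view access on each bug id the caller supplies. The code below is an added example written for this page, not MantisBT's own code; its access model (project membership, Private view status visible to the reporter and project members) is a deliberate simplification of MantisBT's access levels, and the bugs, projects and users are constructed sample data.

```python
from dataclasses import dataclass


# Simplified access model for illustration; MantisBT's real access levels are richer.
@dataclass(frozen=True)
class Project:
    id: int
    private: bool
    members: frozenset  # user ids allowed into the project


@dataclass(frozen=True)
class Bug:
    id: int
    project_id: int
    reporter_id: int
    private: bool  # "Private" view status
    summary: str


@dataclass(frozen=True)
class User:
    id: int
    can_group_action: bool  # the coarse right the vulnerable code relied on


# Constructed sample data, not real issues.
PROJECTS = {
    10: Project(10, private=False, members=frozenset({1, 2})),
    20: Project(20, private=True, members=frozenset({2})),
}
BUGS = {
    1: Bug(1, 10, reporter_id=1, private=False, summary="Login button misaligned on Firefox"),
    2: Bug(2, 10, reporter_id=2, private=True, summary="Staging admin password is shared in config.php"),
    3: Bug(3, 20, reporter_id=2, private=False, summary="Codename of unannounced acquisition leaks in changelog"),
}


def can_view(user, bug):
    """Per-bug view check: private projects need membership; a bug with
    Private view status is visible only to its reporter and project members."""
    project = PROJECTS[bug.project_id]
    if project.private and user.id not in project.members:
        return False
    if bug.private and user.id != bug.reporter_id and user.id not in project.members:
        return False
    return True


def group_action_summaries_vulnerable(user, bug_ids):
    """Flaw class described in the advisory: only the coarse 'may use group
    actions' right is checked, never per-item access, so any id list is honoured."""
    if not user.can_group_action:
        raise PermissionError("group actions not permitted")
    return {bid: BUGS[bid].summary for bid in bug_ids if bid in BUGS}


def group_action_summaries(user, bug_ids):
    """Hardened: authorise every item of the batch. Unknown and forbidden ids
    get the same answer, so the response is not an existence oracle either."""
    if not user.can_group_action:
        raise PermissionError("group actions not permitted")
    result = {}
    for bid in bug_ids:
        bug = BUGS.get(bid)
        result[bid] = bug.summary if bug is not None and can_view(user, bug) else None
    return result


if __name__ == "__main__":
    outsider = User(5, can_group_action=True)
    print("vulnerable:", group_action_summaries_vulnerable(outsider, [1, 2, 3, 999]))
    print("hardened:  ", group_action_summaries(outsider, [1, 2, 3, 999]))
```

The general rule this illustrates applies to any endpoint that takes a list of object ids (bulk edit, bulk export, CSV download): the authorization decision has to be made once per object, with the same code path the single-object page uses, or a user who may act on some objects can read data about all of them.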
SUSE CVE | added 2023/02/15 5:25 a.m.

SUSE CVE-2014-9089

Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php...

CVSS 7.5 | AI score 8.8 | EPSS 0.02419
Exploits: 1 | References: 3
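The CVE-2014-9089 entry above is the classic ORDER BY injection: sort column and direction arrive as request parameters, and an ORDER BY clause cannot be protected with bound parameters (binding a value there orders by a constant, not a column), so the fix is an allow-list of identifiers. The block below is an added example, not MantisBT's code; the table layout, the sort columns and the sqlite3 in-memory database are constructed for the demonstration, and the boolean-blind oracle shows why an injectable ORDER BY is a full read primitive even when only row order is visible.

```python
import sqlite3

ALLOWED_SORT = {"id", "summary", "last_updated"}
ALLOWED_DIR = {"ASC", "DESC"}


def demo_db():
    """Constructed demo schema, not MantisBT's."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE bug (id INTEGER PRIMARY KEY, summary TEXT, last_updated INTEGER);
        INSERT INTO bug VALUES (1, 'crash on save', 300), (2, 'typo in footer', 100), (3, 'slow search', 200);
        CREATE TABLE account (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO account VALUES (1, 'administrator', 'a1b2c3');
    """)
    return con


def view_all_vulnerable(con, sort, direction):
    """Flaw class from the advisory: request parameters pasted into ORDER BY."""
    sql = f"SELECT id FROM bug ORDER BY {sort} {direction}"
    return [row[0] for row in con.execute(sql)]


def view_all_hardened(con, sort, direction):
    """Allow-list both identifiers; reject anything else before touching SQL."""
    if sort not in ALLOWED_SORT:
        raise ValueError(f"unsupported sort column: {sort!r}")
    direction = direction.upper()
    if direction not in ALLOWED_DIR:
        raise ValueError(f"unsupported sort direction: {direction!r}")
    # Only allow-listed identifiers reach the query string, so the f-string is safe here.
    sql = f"SELECT id FROM bug ORDER BY {sort} {direction}"
    return [row[0] for row in con.execute(sql)]


def leak_hash_prefix_via_order(con, guess):
    """Boolean-blind oracle against the vulnerable version: the row order flips
    depending on whether the administrator's password hash starts with `guess`.
    Ascending ids mean 'true', descending mean 'false'; repeat per character."""
    payload = (
        "(CASE WHEN (SELECT password_hash FROM account WHERE username='administrator') "
        f"LIKE '{guess}%' THEN id ELSE -id END)"
    )
    return view_all_vulnerable(con, payload, "ASC")


if __name__ == "__main__":
    con = demo_db()
    print("legit:", view_all_hardened(con, "last_updated", "desc"))
    print("guess 'a1':", leak_hash_prefix_via_order(con, "a1"))
    print("guess 'zz':", leak_hash_prefix_via_order(con, "zz"))
```

Note that the hardened version normalises the direction with upper() before comparing, but does not normalise the column name: column identifiers should match the allow-list exactly, and the list itself should be the only place the mapping from user-facing sort keys to SQL identifiers lives.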
SUSE CVE | added 2023/02/15 5:0 a.m.

SUSE CVE-2016-5364

Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter...

CVSS 6.1 | AI score 6.0 | EPSS 0.01865
Exploits: 1 | References: 3
SUSE CVE | added 2023/02/15 4:48 a.m.

SUSE CVE-2017-7309

A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3...

CVSS 4.8 | AI score 6.3 | EPSS 0.57699
Exploits: 1 | References: 3
SUSE CVE | added 2023/02/15 4:42 a.m.

SUSE CVE-2017-12061

An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by...

CVSS 6.1 | AI score 6.1 | EPSS 0.0295
Exploits: 0 | References: 3
SUSE CVE | added 2023/02/15 4:42 a.m.

SUSE CVE-2017-12062

An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code (if CSP is disabled)...

CVSS 6.1 | AI score 6.4 | EPSS 0.03904
Exploits: 1 | References: 3
NVD | added 2023/01/05 9:15 a.m.

CVE-2016-15009

A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is...

CVSS 8.8 | AI score 5.5 | EPSS 0.00344
Exploits: 0 | References: 3
OSV | added 2023/01/05 9:15 a.m.

CVE-2016-15009

A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is...

CVSS 8.8 | AI score 6.9
Exploits: 0 | References: 3
Prion | added 2023/01/05 9:15 a.m.

Cross-site request forgery (CSRF)

A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is...

CVSS 6.8 | AI score 7.1 | EPSS 0.00344
Exploits: 0 | References: 3 | Affected software: 1