414 matches found
Cross-site Request Forgery (CSRF)
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to insufficient validation of user-supplied input in the permalink_page.php and login_page.php URIs. Remediation: Upgrade mantisbt/mantisbt to version 1.3.11,...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via crafted PATH_INFO in a URL. An attacker can inject arbitrary code by manipulating the unsanitized $_SERVER['PHP_SELF'] used to generate URLs. Details: Cross-site scriptin...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the config_option parameter in adm_config_report.php. An attacker can inject arbitrary web script or HTML by crafting a malicious 'config_option' parameter. Details...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the action parameter. An attacker can inject arbitrary web script or HTML by crafting a malicious action parameter value. Details: Cross-site scripting or XSS is a...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via move_attachments_page.php. An attacker can inject arbitrary web script or HTML by manipulating the 'type' parameter. This is only exploitable if Content Security...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the filter field. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into this field. Details: Cross-site scripting or XSS is a code...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the manage_filter_edit_page.php process. An attacker can execute arbitrary code when displaying a filter with a crafted name. Details: Cross-site scripting or XSS is a...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via view_filters_page.php. An attacker can inject arbitrary code by crafting the PATH_INFO if CSP settings permit it. Details: Cross-site scripting or XSS is a code...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via manage_filter_page.php. An attacker can inject arbitrary web script or HTML by crafting a project name that is improperly sanitized. Details: Cross-site scripting ...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via manage_filter_edit_page.php. An attacker can inject arbitrary code by crafting a malicious project name. This is only exploitable if the attacker has access rights...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the admin/install.php script. An attacker can inject arbitrary JavaScript code by manipulating input fields such as $f_database, $f_db_username, and $f_admin_username...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the browser_search_plugin.php file. An attacker can inject malicious scripts into a hidden input field by manipulating the unescaped output of the return parameter...
MantisBT Cross-Site Scripting Vulnerability
MantisBT is a Web-based open source defect tracking system from the Mantisbt team. The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in versions prior to MantisBT 2.25.2, which originates from an unescaped...
CSV Injection
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to CSV Injection through the csv_export.php API. An attacker can execute arbitrary code or access sensitive information by embedding malicious formulas in the CSV content that is executed when the...
JetBrains YouTrack Injection Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software has features such as bug tracking, creating workflows, and monitoring project progress. JetBrains YouTrack is vulnerable to an injection vulnerability that stems from...
Atlassian Asterisk Injection Vulnerability
Atlassian Asterisk is a software application from the American company Atlassian. A development program bug tracking feature is provided. An injection vulnerability exists in Atlassian Asterisk that arises from a network system or product that does not properly validate incoming data...
Vulnerability fixed in MantisBT
A vulnerability has been fixed in MantisBT. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. MantisBT has released updates to fix...
Google Chrome < 90.0.4430.93 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 90.0.4430.93. It is, therefore, affected by multiple vulnerabilities as referenced in the 202104stable-channel-update-for-desktop26 advisory. - Heap buffer overflow in ANGLE in Google Chrome on Windows prior to...
Kagemai Cross-Site Scripting Vulnerability
Kagemai is an application from the Japanese open source SourceForge Organization: a Web-based bug tracking system (BTS). Kagemai 0.8.6 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary script in a user's web browser...
MantisBT Code Issue Vulnerability
MantisBT is a Web-based open source defect tracking system from the Mantisbt team. The system provides project management and defect tracking services in the form of Web operations. A security vulnerability exists in MantisBT before 2.24.5 that stems from associating a unique cookie string wi...