CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A cross-site scripting XSS vulnerability in the MantisBT Configuration Report page admconfigreport.php allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2...

4.8CVSS6.3AI score0.00929EPSS

Exploits1References3

SUSE CVE•added 2023/02/15 4:48 a.m.•4 views

SUSE CVE-2017-7309

A cross-site scripting XSS vulnerability in the MantisBT Configuration Report page admconfigreport.php allows remote attackers to inject arbitrary code if CSP settings permit it through a crafted 'configoption' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3...

4.8CVSS6.3AI score0.57699EPSS

Exploits1References3

Github Security Blog•added 2022/05/17 2:30 a.m.•7 views

MantisBT XSS via adm_config_report.php's action parameter

4.8CVSS5.2AI score0.00929EPSS

Exploits1References6Affected Software1

OSV•added 2022/05/17 2:30 a.m.•4 views

GHSA-V7QF-22RW-CHPH MantisBT XSS via adm_config_report.php's action parameter

4.8CVSS6.1AI score0.00929EPSS

Exploits1References6

OpenVAS•added 2020/11/05 12:0 a.m.•17 views

MantisBT 1.2.13 XSS Vulnerability - Windows

MantisBT is prone to a cross-site scripting vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...

5.4CVSS5.4AI score0.0101EPSS

Exploits0References2

NVD•added 2019/10/31 8:15 p.m.•24 views

CVE-2013-1934

A cross-site scripting XSS vulnerability in the configuration report page admconfigreport.php in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value...

5.4CVSS5AI score0.00924EPSS

Exploits0References5

NVD•added 2019/10/31 8:15 p.m.•19 views

CVE-2013-1932

A cross-site scripting XSS vulnerability in the configuration report page admconfigreport.php in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name...

5.4CVSS5AI score0.0101EPSS

Exploits0References5

UbuntuCve•added 2019/10/31 8:15 p.m.•37 views

CVE-2013-1932

5.4CVSS6.2AI score0.0101EPSS

Exploits0References2

Prion•added 2019/10/31 8:15 p.m.•21 views

Cross site scripting

3.5CVSS5.3AI score0.00924EPSS

Exploits0References5Affected Software2

UbuntuCve•added 2019/10/31 8:15 p.m.•31 views

CVE-2013-1934

5.4CVSS6.1AI score0.00924EPSS

Exploits0References3

Prion•added 2019/10/31 8:15 p.m.•25 views

Cross site scripting

3.5CVSS5.3AI score0.0101EPSS

Exploits0References5Affected Software1

CVE•added 2019/10/31 7:5 p.m.•87 views

CVE-2013-1934

The CVE-2013-1934 issue affects MantisBT 1.2.0rc1 and earlier, where the configuration report page adm_config_report.php allows remote authenticated users to inject arbitrary script/HTML via a complex value, enabling cross-site scripting. Root cause: insufficient input sanitization on the adm_con...

5.4CVSS4.9AI score0.00924EPSS

Exploits0References5Affected Software1

Cvelist•added 2019/10/31 7:5 p.m.•22 views

CVE-2013-1932

5AI score0.0101EPSS

Exploits0References5

CVE•added 2019/10/31 7:5 p.m.•69 views

CVE-2013-1932

CVE-2013-1932 affects MantisBT 1.2.13. The OpenVAS entries and NVD description confirm a cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) that allows remote authenticated users to inject arbitrary script/HTML via the project name. The Nessus NASL i...

5.4CVSS4.9AI score0.0101EPSS

Exploits0References5Affected Software1

Prion•added 2017/03/31 4:59 a.m.•16 views

Cross site scripting

3.5CVSS5AI score0.00929EPSS

Exploits1References4Affected Software1

OSV•added 2017/03/31 4:59 a.m.•14 views

CVE-2017-7309

4.8CVSS5.8AI score

Exploits0References4

Rows per page