MantisBT 1.2.x < 1.2.18 Multiple Vulnerabilities

According to its version number, the MantisBT application hosted on the remote web server is 1.2.x prior to 1.2.18. It is, therefore, affected by the following vulnerabilities : - Multiple input-validation errors exist that could allow cross-site scripting attacks. CVE-2014-7146, CVE-2014-8986,...

CVE-2014-9271

Cross-site scripting XSS vulnerability in filedownload.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename...

CVE-2014-9271

Cross-site scripting XSS vulnerability in filedownload.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename...

CVE-2014-9271

CVE-2014-9271 affects MantisBT 1.2.x up to 1.2.18. It is a cross-site scripting (XSS) vulnerability in file_download.php that allows an attacker to inject arbitrary web script or HTML via a Flash file with an image extension (e.g., a .swf.jpeg filename) related to inline attachments. Root cause: ...

Debian DSA-3120-1 : mantis - security update

Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text a...

Debian Security Advisory DSA 3120-1 (mantis - security update)

Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code. OpenVAS Vulnerability Test $Id: deb3120.nasl 6609 2017-07-07 12:05:59Z...