15 matches found
MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form
When cloning an issue originating from a Project other than the current one, the clone form bug_report_page.php prepends the source Project name before the category selector without proper escaping, allowing an attacker to inject HTML if they can set the Project's name, which typically...
EUVD-2004-1725
Malware in sbrugna...
EUVD-2004-1724
Malware in sbrugna...
Mantis BugTracker 1.2.19 Open Redirect
Mantis BugTracker 1.2.19 URL Redirection to Untrusted Site 'Open Redirect' - Affected Vendor: Mantis - Affected System: BugTracker 1.2.19 - Vulnerabilities' Status: Fixed - Associated CWEs: CWE-601: URL Redirection to Untrusted Site 'Open Redirect' http://cwe.mitre.org/data/definitions/601.html...
Immunity Canvas: MANTIS113
Name| mantis113 ---|--- CVE| CVE-2008-4688 Exploit Pack| CANVAS Description| Mantis BugTracker = 1.1.3 Remote Code Execution Notes| CVE Name: CVE-2008-4688 VENDOR: Mantis Repeatability: Infinite CVE Url: https://vulners.com/cve/CVE-2008-4688 References: 'None' CVSS: 5.0...
menalto gallery: Session hijacking vulnerability, CVE-2008-3102
menalto gallery: Session hijacking vulnerability, CVE-2008-3102 References https://vulners.com/cve/CVE-2008-3102 http://int21.de/cve/CVE-2008-3102-mantis.html http://www.mantisbt.org/bugs/view.php?id=9524 http://www.mantisbt.org/bugs/view.php?id=9533...
mantis-poc.txt
--------------------------------------------------------------------------- Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities --------------------------------------------------------------------------- Author: Jose Antonio Coret Joxean Koret Date: 2005 Location: Basque Country...
Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities
--------------------------------------------------------------------------- Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities --------------------------------------------------------------------------- Author: Jose Antonio Coret Joxean Koret Date: 2005 Location: Basque Country...
CVE-2004-1730
CVE-2004-1730 is an XSS vulnerability in the Mantis bugtracker. The issue allows remote attackers to inject arbitrary script/HTML via four vectors: (1) the return parameter to login_page.php, (2) the e-mail field in signup.php, (3) the action parameter to login_select_proj_page.php, and (4) the h...
CVE-2004-1730
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php...
CVE-2004-1731
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address...
Mantis Bugtracker Remote PHP Code Execution Vulnerability
--------------------------------------------------------------------------- Mantis Bugtracker Remote PHP Code Execution Vulnerability --------------------------------------------------------------------------- Author: Joxean Koret Date: 08-01-2004 Location: Basque Country...
[Mantis Advisory/2002-07] Bugs in private projects listed on 'View Bugs'
Mantis Advisory/2002-07 Bugs in private projects listed on 'View Bugs' 0. Table of Contents 1. Introduction 2. Summary / Impact analysis 3. Affected versions 4. Workaround / Solution 5. Proof of Vulnerability 6. Credit 7. Contact details 1. Introduction Mantis is an Open Source web-based...