Lucene search
K

20096 matches found

Vulnrichment
Vulnrichment
added 2026/05/22 7:29 p.m.13 views

CVE-2026-40597 MantisBT has a Content Security Policy bypass via attachments

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that, when accessed via th...

7.6CVSS5.7AI score0.00498EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/22 7:29 p.m.7 views

CVE-2026-40597

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that, when accessed via th...

7.6CVSS5.8AI score0.00498EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/22 7:29 p.m.16 views

EUVD-2026-31496

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that, when accessed via th...

7.6CVSS5.7AI score0.00498EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/22 7:25 p.m.11 views

CVE-2026-40596 MantisBT is vulnerable to XSS and potential account takeover via user font family preference update

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability...

7.2CVSS0.00424EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/22 7:25 p.m.7 views

CVE-2026-40596

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability...

7.2CVSS5.9AI score0.00424EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/05/22 7:25 p.m.11 views

EUVD-2026-31492

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability...

7.2CVSS5.9AI score0.00424EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/22 7:25 p.m.8 views

CVE-2026-40596 MantisBT is vulnerable to XSS and potential account takeover via user font family preference update

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability...

7.2CVSS5.9AI score0.00424EPSS
Exploits0References5
CVE
CVE
added 2026/05/22 7:25 p.m.41 views

CVE-2026-40596

Summary (CVE-2026-40596): MantisBT versions 2.11.0–2.28.1 are vulnerable to cross-site scripting via an authenticated user updating their font-family preference. The XSS payload is reflected on every page; with a CSP bypass (GHSA-9c3j-xm6v-j7j3) this could enable account takeover. The issue is fi...

7.2CVSS5.8AI score0.00424EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.8 views

Mantis Bug Tracker 安全特征问题漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.1 contained a security vulnerability related to the script-src directive, which allowed bypassing content security policies by uploading specially crafted...

7.6CVSS5.8AI score0.00498EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.8 views

Mantis Bug Tracker 跨站脚本漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions 2.11.0 to 2.28.1 of Mantis Bug Tracker contain a cross-site scripting vulnerability. This vulnerability stems from improper escaping of the filter owner’s name, which may lead to stored-cross-site...

7.5CVSS5.6AI score0.00419EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Mantis Bug Tracker 跨站脚本漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions 2.11.0 to 2.28.1 of Mantis Bug Tracker contain a cross-site scripting vulnerability. This vulnerability stems from allowing any authenticated user to inject arbitrary HTML through the update accoun...

7.2CVSS5.8AI score0.00424EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Mantis Bug Tracker 安全漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Mantis Bug Tracker versions 2.28.1 and earlier have security vulnerabilities, which stem from improper escaping of redirect pages, potentially leading to HTML injection attacks. The following versions are...

6.9CVSS5.8AI score0.00447EPSS
Exploits0References3
NVD
NVD
added 2026/05/20 10:16 p.m.16 views

CVE-2026-39960

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue page, bugupdatepage.php allowing an attacker to inject HTML and, if CSP settings permit, execute...

5.4CVSS0.0023EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/20 9:11 p.m.31 views

CVE-2026-39960 MantisBT is Vulnerable to Stored XSS through Custom Field Textarea Values

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue page, bugupdatepage.php allowing an attacker to inject HTML and, if CSP settings permit, execute...

5.4CVSS0.0023EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 9:11 p.m.7 views

CVE-2026-39960

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue page, bugupdatepage.php allowing an attacker to inject HTML and, if CSP settings permit, execute...

5.4CVSS6AI score0.0023EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/20 9:11 p.m.15 views

EUVD-2026-31192

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue page, bugupdatepage.php allowing an attacker to inject HTML and, if CSP settings permit, execute...

5.4CVSS6AI score0.0023EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 12:16 a.m.13 views

CVE-2026-34970

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...

5.3CVSS0.00372EPSS
Exploits0References3
NVD
NVD
added 2026/05/20 12:16 a.m.17 views

CVE-2026-34754

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2...

4.3CVSS0.00248EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

Mantis Bug Tracker(MantisBT) 访问控制错误漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.1 contained an access control vulnerability. This vulnerability stemmed from allowing authenticated users to upload attachments to private issues that they did n...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

Mantis Bug Tracker 信息泄露漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.1 contained a vulnerability related to information leakage. This vulnerability stemmed from allowing incorrect annotators to access the revised pages of...

5.3CVSS5.8AI score0.00372EPSS
Exploits0References1
Rows per page
Query Builder