5 matches found
MantisBT XSS issue on the view_all_bug_page.php
An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue if CSP...
Cross site scripting
MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks...
MantisBT 1.2.x < 1.2.14 adm_config_report.php Multiple Parameter XSS
According to its version number, the MantisBT install hosted on the remote web server is affected by multiple cross-site scripting vulnerabilities: - A flaw exists on the Configuration Report page in the 'adm_config_report.php' script. CVE-2013-1932 - A flaw exists because the application fails...
MantisBT Multiple Local File Include and Cross Site Scripting Vulnerabilities
This host is running MantisBT and is prone to multiple local file include and cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmantismultlfinxssvuln.nasl 7044 2017-09-01 11:50:59Z teissa $ MantisBT Multiple Local File Include and Cross Site Scripting Vulnerabilities...
Directory traversal
Directory traversal vulnerability in admin/upgradeunattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dbtype parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP...