Lucene search
+L

92 matches found

Nuclei
Nuclei
added 14 hours ago41 views

MantisBT < 2.25.2 - Cross-Site Scripting

MantisBT before 2.25.2 contains a cross-site scripting vulnerability in browsersearchplugin.php. The application does not properly sanitize the 'type' parameter, which allows attackers to inject arbitrary web script or HTML via a crafted URL. id: CVE-2022-28508 info: name: MantisBT 2.25.2 -...

6.1CVSS6AI score0.05227EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/11 7:40 p.m.13 views

MantisBT has Stored XSS on Move Attachments Admin Page

Unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. Impact Cross-site scripting XSS. This is mitigated by Content Security Policy which restricts scripts execution. Patches -...

8.6CVSS5.8AI score0.00298EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:34 p.m.11 views

MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference

Any authenticated user can inject arbitrary HTML via updating their account's font family. Impact Cross-site scripting. The injected payload will be reflected in every MantisBT page. Leveraging another vulnerability CSP bypass, see GHSA-9c3j-xm6v-j7j3, the attacker could achieve account takeover...

7.2CVSS5.9AI score0.00424EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2026/05/11 7:32 p.m.7 views

Access Control Bypass

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Access Control Bypass via insufficient access control checks in the ProjectUsersAddCommand process. An attacker can escalate their project-level privileges by submitting a forged higher...

5.1CVSS5.8AI score0.00427EPSS
Exploits0References2
Veracode
Veracode
added 2025/12/13 5:47 a.m.7 views

Authentication Bypass

mantisbt/mantisbt is vulnerable to Authentication Bypass. The vulnerability is due to the use of loose comparison == instead of strict comparison === in authentication logic, which allows an attacker to exploit MD5 hash collisions interpreted as numeric zero and gain unauthorized access without...

9.1CVSS5.8AI score0.00326EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/11/03 5:7 p.m.4 views

GHSA-4V8W-GG5J-PH37 MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling

Due to an incorrect use of loose == instead of strict === comparison in the authentication code1, PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation. 1:...

9.1CVSS5.9AI score0.00326EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2014-9509

Malware in sbrugna...

6.5CVSS6.7AI score0.02285EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-21433

Malware in sbrugna...

6.5CVSS6.5AI score0.0124EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.1 views

EUVD-2014-6200

Malware in sbrugna...

5.8CVSS6AI score0.02328EPSS
Exploits2References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-9386

Malware in sbrugna...

7.5CVSS6.1AI score0.02485EPSS
Exploits2References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-9104

Malware in sbrugna...

5CVSS6.1AI score0.02118EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-3648

Malware in sbrugna...

6.1CVSS6.1AI score0.03904EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-15853

Malware in sbrugna...

6.1CVSS6.2AI score0.03542EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-5076

Malware in sbrugna...

5.3CVSS5.3AI score0.01435EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-3541

Malware in sbrugna...

4.3CVSS6.1AI score0.01788EPSS
Exploits1References19
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-6271

Malware in sbrugna...

5CVSS6AI score0.02103EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-1185

Malware in sbrugna...

5.8CVSS6.8AI score0.0219EPSS
Exploits2References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2010-2578

Malware in sbrugna...

2.1CVSS6AI score0.01804EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-1156

Malware in sbrugna...

3.6CVSS6AI score0.02425EPSS
Exploits1References15
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-7722

Malware in sbrugna...

6.1CVSS6.1AI score0.03691EPSS
Exploits0References5
Rows per page
Query Builder