MantisBT < 2.25.2 - Cross-Site Scripting
MantisBT before 2.25.2 contains a cross-site scripting vulnerability in browsersearchplugin.php. The application does not properly sanitize the 'type' parameter, which allows attackers to inject arbitrary web script or HTML via a crafted URL. id: CVE-2022-28508 info: name: MantisBT 2.25.2 -...
MantisBT has Stored XSS on Move Attachments Admin Page
An unescaped project name allows an attacker who can set it (which typically requires manager or administrator access level) to inject HTML into the Move Attachments admin page. Impact: cross-site scripting (XSS). This is mitigated by the Content Security Policy, which restricts script execution. Patches -...
MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference
Any authenticated user can inject arbitrary HTML by updating their account's font family preference. Impact: cross-site scripting. The injected payload is reflected in every MantisBT page. By leveraging another vulnerability (a CSP bypass, see GHSA-9c3j-xm6v-j7j3), the attacker could achieve account takeover...
Access Control Bypass
Overview: mantisbt/mantisbt is the Mantis bug tracker. Affected versions of this package are vulnerable to access control bypass via insufficient access control checks in the ProjectUsersAddCommand process. An attacker can escalate their project-level privileges by submitting a forged higher...
Authentication Bypass
mantisbt/mantisbt is vulnerable to authentication bypass. The vulnerability is due to the use of loose comparison (==) instead of strict comparison (===) in the authentication logic, which allows an attacker to exploit MD5 hash collisions interpreted as numeric zero and gain unauthorized access without...
GHSA-4V8W-GG5J-PH37 MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling
Due to an incorrect use of loose (==) instead of strict (===) comparison in the authentication code [1], PHP type juggling will cause certain MD5 hashes to be interpreted as numbers, specifically those matching scientific notation. [1]: ...
EUVD-2017-16011
Malware in sbrugna...
EUVD-2020-23757
Malware in sbrugna...
EUVD-2020-17976
Malware in sbrugna...
EUVD-2014-9385
Malware in sbrugna...
EUVD-2019-6522
Malware in sbrugna...
EUVD-2012-2673
Malware in sbrugna...
EUVD-2014-1683
Malware in sbrugna...
EUVD-2020-23504
Malware in sbrugna...
EUVD-2014-8390
Malware in sbrugna...
EUVD-2020-20872
Malware in sbrugna...
EUVD-2014-9105
Malware in sbrugna...
EUVD-2014-8814
Malware in sbrugna...
EUVD-2014-9323
Malware in sbrugna...
EUVD-2018-21433
Malware in sbrugna...