92 matches found
MantisBT < 2.25.2 - Cross-Site Scripting
MantisBT before 2.25.2 contains a cross-site scripting vulnerability in browsersearchplugin.php. The application does not properly sanitize the 'type' parameter, which allows attackers to inject arbitrary web script or HTML via a crafted URL. id: CVE-2022-28508 info: name: MantisBT 2.25.2 -...
MantisBT has Stored XSS on Move Attachments Admin Page
Unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. Impact Cross-site scripting XSS. This is mitigated by Content Security Policy which restricts scripts execution. Patches -...
MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference
Any authenticated user can inject arbitrary HTML via updating their account's font family. Impact Cross-site scripting. The injected payload will be reflected in every MantisBT page. Leveraging another vulnerability CSP bypass, see GHSA-9c3j-xm6v-j7j3, the attacker could achieve account takeover...
Access Control Bypass
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Access Control Bypass via insufficient access control checks in the ProjectUsersAddCommand process. An attacker can escalate their project-level privileges by submitting a forged higher...
Authentication Bypass
mantisbt/mantisbt is vulnerable to Authentication Bypass. The vulnerability is due to the use of loose comparison == instead of strict comparison === in authentication logic, which allows an attacker to exploit MD5 hash collisions interpreted as numeric zero and gain unauthorized access without...
GHSA-4V8W-GG5J-PH37 MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling
Due to an incorrect use of loose == instead of strict === comparison in the authentication code1, PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation. 1:...
EUVD-2014-9509
Malware in sbrugna...
EUVD-2018-21433
Malware in sbrugna...
EUVD-2014-6200
Malware in sbrugna...
EUVD-2014-9386
Malware in sbrugna...
EUVD-2014-9104
Malware in sbrugna...
EUVD-2017-3648
Malware in sbrugna...
EUVD-2017-15853
Malware in sbrugna...
EUVD-2015-5076
Malware in sbrugna...
EUVD-2011-3541
Malware in sbrugna...
EUVD-2014-6271
Malware in sbrugna...
EUVD-2015-1185
Malware in sbrugna...
EUVD-2010-2578
Malware in sbrugna...
EUVD-2012-1156
Malware in sbrugna...
EUVD-2016-7722
Malware in sbrugna...