Lucene search
+L

1149 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.10 views

MantisBT 2.26.1 < 2.28.2 Private Issue Monitoring Authorization Bypass (GHSA-ggw7-9675-6v4v)

The version of MantisBT installed on the remote host is 2.26.1 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT has an authorization bypass in private issue monitoring. CVE-2026-34579 Note that Nessus has not tested for this issue but has instead relied only...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.11 views

MantisBT 2.23.0 < 2.28.2 Private Bugnote Attachment Content Leak (GHSA-pw5x-2mf9-3xc8)

The version of MantisBT installed on the remote host is 2.23.0 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT has a Private Bugnote Attachment Content Leak via REST API. CVE-2026-42071 Note that Nessus has not tested for this issue but has instead relied...

7.2CVSS5.8AI score0.0026EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.12 views

MantisBT 1.3.0 < 2.28.2 Move Attachments Admin Page Stored XSS (GHSA-7mqj-8gj2-cg59)

The version of MantisBT installed on the remote host is 1.3.0 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT has Stored XSS on Move Attachments Admin Page. CVE-2026-44655 Note that Nessus has not tested for this issue but has instead relied only on the...

8.6CVSS5.8AI score0.00298EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.10 views

MantisBT < 2.28.2 Multiple Vulnerabilities

The version of MantisBT installed on the remote host is prior to 2.28.2. It is, therefore, affected by multiple vulnerabilities: - MantisBT is vulnerable to Privilege Escalation from Manager to Administrator. CVE-2026-34390 - MantisBT is vulnerable to Authorization Bypass in Bugnote Editing via...

8.6CVSS5.8AI score0.00498EPSS
Exploits0References20
Github Security Blog
Github Security Blog
added 2026/05/11 7:40 p.m.13 views

MantisBT has Stored XSS on Move Attachments Admin Page

Unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. Impact Cross-site scripting XSS. This is mitigated by Content Security Policy which restricts scripts execution. Patches -...

8.6CVSS5.8AI score0.00298EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/11 7:40 p.m.5 views

GHSA-7MQJ-8GJ2-CG59 MantisBT has Stored XSS on Move Attachments Admin Page

Unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. Impact Cross-site scripting XSS. This is mitigated by Content Security Policy which restricts scripts execution. Patches -...

8.6CVSS5.8AI score0.00298EPSS
Exploits0References5
OSV
OSV
added 2026/05/11 7:39 p.m.24 views

GHSA-PW5X-2MF9-3XC8 MantisBT has a Private Bugnote Attachment Content Leak via REST API

A missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint GET /api/rest/issues/id/files and SOAP API mcissueattachmentget endpoint. Impact -...

7.2CVSS5.8AI score0.0026EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/05/11 7:39 p.m.12 views

MantisBT has a Private Bugnote Attachment Content Leak via REST API

A missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint GET /api/rest/issues/id/files and SOAP API mcissueattachmentget endpoint. Impact -...

7.2CVSS5.8AI score0.0026EPSS
Exploits0References8Affected Software1
Snyk
Snyk
added 2026/05/11 7:39 p.m.10 views

Missing Authorization

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Missing Authorization in the file visibility process. An attacker can access unauthorized file attachments by sending requests to the REST API or SOAP API endpoints. Remediation Upgrade...

7.6CVSS5.8AI score0.0026EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 7:39 p.m.10 views

GHSA-J7V9-F46R-2RP4 MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field

Lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. Impact Cross-site scripting XSS Patches - c885af13f0b8596714ffe11df757c09f35fbd8f4 Workaround...

5.3CVSS5.9AI score0.00281EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/11 7:39 p.m.12 views

MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field

Lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. Impact Cross-site scripting XSS Patches - c885af13f0b8596714ffe11df757c09f35fbd8f4 Workaround...

5.3CVSS5.9AI score0.00281EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:35 p.m.12 views

MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column

Incorrect escaping of a saved filter's owner allows an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Impact Cross-site scripting XSS. Note that By default, only users with Manager access level or above can save their filters publicly Patches -...

7.5CVSS5.9AI score0.00419EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/11 7:35 p.m.14 views

GHSA-F633-865Q-2MHH MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column

Incorrect escaping of a saved filter's owner allows an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Impact Cross-site scripting XSS. Note that By default, only users with Manager access level or above can save their filters publicly Patches -...

7.5CVSS5.9AI score0.00419EPSS
Exploits0References5
OSV
OSV
added 2026/05/11 7:35 p.m.6 views

GHSA-6JH4-47V2-4G37 MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

Improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leadi...

6.9CVSS5.7AI score0.00447EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/11 7:35 p.m.10 views

MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

Improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leadi...

6.9CVSS5.7AI score0.00447EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:34 p.m.10 views

MantisBT has a Content Security Policy bypass via attachments

Given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that, when accessed via the filedownload.php link, will be downloaded with a valid JavaScript MIME type resulting in...

7.6CVSS5.8AI score0.00498EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/11 7:34 p.m.11 views

Improperly Implemented Security Check for Standard

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard in the filedownload.php process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by uploading a specially...

7.6CVSS6AI score0.00498EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/11 7:34 p.m.12 views

MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference

Any authenticated user can inject arbitrary HTML via updating their account's font family. Impact Cross-site scripting. The injected payload will be reflected in every MantisBT page. Leveraging another vulnerability CSP bypass, see GHSA-9c3j-xm6v-j7j3, the attacker could achieve account takeover...

7.2CVSS5.9AI score0.00424EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/05/11 7:34 p.m.4 views

GHSA-J3V9-553H-X28J MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference

Any authenticated user can inject arbitrary HTML via updating their account's font family. Impact Cross-site scripting. The injected payload will be reflected in every MantisBT page. Leveraging another vulnerability CSP bypass, see GHSA-9c3j-xm6v-j7j3, the attacker could achieve account takeover...

7.2CVSS5.9AI score0.00424EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/05/11 7:34 p.m.14 views

MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values

Improper escaping of a textarea custom field's contents in the Update Issue page bugupdatepage.php allows an attacker to inject HTML and, if CSP settings permit, execute arbitrary JavaScript when the page is loaded. Impact Session theft leading to admin account takeover, full project data access....

5.4CVSS6.8AI score0.0023EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder