Lucene search
K

1149 matches found

OSV
OSV
added 2026/05/11 7:34 p.m.13 views

GHSA-QJ6W-V29Q-4RGX MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values

Improper escaping of a textarea custom field's contents in the Update Issue page bugupdatepage.php allows an attacker to inject HTML and, if CSP settings permit, execute arbitrary JavaScript when the page is loaded. Impact Session theft leading to admin account takeover, full project data access....

5.4CVSS6.1AI score0.0023EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/11 7:33 p.m.7 views

Information Exposure

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Information Exposure in the Revisions page for bugnotes after access to the parent private issue has been revoked. An attacker can obtain the private issue's ID and summary by accessing the...

5.3CVSS5.7AI score0.00372EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/11 7:33 p.m.12 views

MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API

Impact MantisBT allows an authenticated user to upload attachments to private Issues they are not authorized to access. Patches - b262b4d2835b81394d75356dead66e52a6275206 Workarounds None. Credits Thanks to Vishal Shukla for discovering and responsibly reporting the issue...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/11 7:33 p.m.7 views

GHSA-H4X5-GVX6-3RWC MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API

Impact MantisBT allows an authenticated user to upload attachments to private Issues they are not authorized to access. Patches - b262b4d2835b81394d75356dead66e52a6275206 Workarounds None. Credits Thanks to Vishal Shukla for discovering and responsibly reporting the issue...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/11 7:32 p.m.9 views

Information Exposure

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Information Exposure in the attachment access process. An attacker can gain unauthorized access to attachments they previously uploaded by listing and downloading them from issues that have sin...

5.3CVSS5.8AI score0.00362EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 7:32 p.m.11 views

GHSA-RMP5-5JJ7-GMVF MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue

MantisBT permits a user to list and download their own attachments from an Issue created by another user, even after that Issue becomes private and direct access to it is denied. Impact The loss of confidentiality caused by this vulnerability is minimal, considering that only the attachments that...

5.3CVSS5.8AI score0.00362EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/11 7:32 p.m.7 views

Insertion of Sensitive Information Into Sent Data

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the bugmonitoradd.php process. An attacker can gain unauthorized access to sensitive metadata and content of private issues by submitting a...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 7:32 p.m.7 views

GHSA-GGW7-9675-6V4V MantisBT has an authorization bypass in private issue monitoring

Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a private issue they do not have access to. Despite displaying an Access Denied error, the application accepts the request and creates a monitor relationship for the private...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/11 7:32 p.m.9 views

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bugreportpage.php process when cloning an issue from a different project, due to improper escaping of the source project name. An attacker with sufficient...

8.6CVSS5.6AI score0.00444EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 7:32 p.m.8 views

GHSA-FVJF-68WH-RWP2 MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form

When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector without proper escaping, allowing an attacker able to to inject HTML if they can set the Project's name which typically...

8.6CVSS5.8AI score0.00444EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/11 7:32 p.m.7 views

Access Control Bypass

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Access Control Bypass via insufficient access control checks in the ProjectUsersAddCommand process. An attacker can escalate their project-level privileges by submitting a forged higher...

5.1CVSS5.8AI score0.00427EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/11 7:32 p.m.8 views

MantisBT Vulnerable to Privilege Escalation from Manager to Administrator

Insufficient access control checks in ProjectUsersAddCommand used in manageprojuseradd.php and REST API endpoint PUT /project/id/users allows users having manageprojectthreshold access level manager by default to grant project-level administrator access to any user including themselves in any...

5.1CVSS5.9AI score0.00427EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 5:58 p.m.11 views

MantisBT Has Authorization Bypass in Global Profile Creation

MantisBT allows a low-privileged authenticated user having addprofilethreshold to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a valid profile creation request. Impact Authentication bypass Patches -...

5.3CVSS5.8AI score0.0034EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/11 5:58 p.m.18 views

GHSA-68W5-W573-Q2R8 MantisBT Has Authorization Bypass in Global Profile Creation

MantisBT allows a low-privileged authenticated user having addprofilethreshold to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a valid profile creation request. Impact Authentication bypass Patches -...

5.3CVSS5.8AI score0.0034EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.15 views

PT-2026-39889

Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description Lack of validation of the filter target parameter in the 'return dynamic filters.php' endpoint allows an attacker to inject arbitrary HTML when the target is a TEXTAREA custom field, leading...

5.3CVSS5.9AI score0.00281EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.16 views

PT-2026-39873

Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions 2.28.0 through 2.28.1 Description A low-privileged authenticated user with the add profile threshold permission can create a global profile even without the manage global profile threshold permission. This ...

5.3CVSS5.8AI score0.0034EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.10 views

PT-2026-39877

MantisBT permits a user to list and download their own attachments from an Issue created by another user, even after that Issue becomes private and direct access to it is denied. Impact The loss of confidentiality caused by this vulnerability is minimal, considering that only the attachments that...

5.3CVSS5.8AI score0.00362EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.24 views

PT-2026-39884

Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description Incorrect escaping of a saved filter's owner allows an attacker to inject arbitrary HTML on systems where the $g show user realname variable is set to ON, leading to Cross-site scripting XSS...

7.5CVSS5.9AI score0.00419EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.13 views

PT-2026-39900

Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description An attacker can execute code via stored cross-site scripting XSS by uploading a crafted XHTML attachment that references a JavaScript attachment. This is achieved by using the 'file...

7.5CVSS5.8AI score0.00349EPSS
Exploits0References10
OSV
OSV
added 2026/03/25 8:9 p.m.3 views

GHSA-73VX-49MV-V8W5 MantisBT has Stored HTML Injection/XSS when displaying Tags in Timeline

Improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has been renamed or deleted. Impact Cross-site scripting XSS. Patches...

8.6CVSS6.1AI score0.00196EPSS
Exploits0References5
Rows per page
Query Builder