4 matches found
CVE-2020-8981
The CVE-2020-8981 entry is linked to the MantisBT Source Integration plugin and is corroborated by multiple sources describing a cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages (via repo_manage_page.php or list.php). The related exploitation path can le...
CVE-2020-36192
The CVE-2020-36192 entry concerns the Source Integration plugin for MantisBT prior to version 2.4.1. The underlying issue allows an attacker to access the Summary field of private issues (issues marked private or belonging to private projects) when they are tied to an existing Changeset. The leakage is observable on vie...
CVE-2018-16362
CVE-2018-16362 affects the Source Integration plugin for MantisBT in versions prior to 1.5.9 and in 2.x versions prior to 2.1.5. The issue is a cross-site scripting (XSS) flaw on the Manage Repository and Changesets List pages, exploitable to run arbitrary code if CSP settings permit it via repo_...
CVE-2017-6958
The CVE-2017-6958 entry describes an XSS vulnerability in the MantisBT Source Integration Plugin (pre-2.0.2). The flaw allows an attacker to inject arbitrary HTML/JavaScript via crafted parameters on the plugin’s search results page, potentially exploiting CSP allowances in MantisBT. Affected com...