← Back

Mantisbt

mantisbt

Vendor: Mantisbt • 122 CVEs

CVEs (122)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2010-2574
1Mantisbt
1Mantisbt
Apr 29, 2026
Aug 10, 2010
N/A· v4
N/A· v3
2.1 LOW· v2
Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.
CVE-2008-3102
1Mantisbt
1Mantisbt
Apr 23, 2026
Sep 24, 2008
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers...Show more
Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.Show less