Mantisbt

mantisbt

127 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Source Integration

source_integration

Linked Custom Fields

linked_custom_fields

CVEs (127)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-4349 1Mantisbt 1Mantisbt Apr 29, 2026 Jan 3, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsaf...Show more admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.Show less
CVE-2010-4348 1Mantisbt 1Mantisbt Apr 29, 2026 Jan 3, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by Man...Show more Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.Show less
CVE-2010-3763 1Mantisbt 1Mantisbt Apr 29, 2026 Oct 5, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than CVE-2010-3303.
CVE-2010-3303 1Mantisbt 1Mantisbt Apr 29, 2026 Oct 5, 2010 N/A· v4 N/A· v3 3.5 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php;...Show more Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php.Show less
CVE-2010-2802 1Mantisbt 1Mantisbt Apr 29, 2026 Sep 7, 2010 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachment...Show more Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments.Show less
CVE-2010-2574 1Mantisbt 1Mantisbt Apr 29, 2026 Aug 10, 2010 N/A· v4 N/A· v3 2.1 LOW· v2 Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.
CVE-2008-3102 1Mantisbt 1Mantisbt Apr 23, 2026 Sep 24, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers...Show more Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.Show less

Previous 1 2 3 4 5 67