Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/113501?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/113501?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.1", "type": "composer", "namespace": "mantisbt", "name": "mantisbt", "version": "2.28.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.28.2", "latest_non_vulnerable_version": "2.28.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93341?format=api", "vulnerability_id": "VCID-3nh1-gqxv-jyce", "summary": "MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API\n### Impact\nMantisBT allows an authenticated user to upload attachments to private Issues they are not authorized to access.\n\n### Patches\n- b262b4d2835b81394d75356dead66e52a6275206\n\n### Workarounds\nNone.\n\n### Credits\nThanks to Vishal Shukla for discovering and responsibly reporting the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08411", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08347", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08403", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08423", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34754" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { 
"reference_url": "https://github.com/mantisbt/mantisbt/commit/b262b4d2835b81394d75356dead66e52a6275206", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T15:07:20Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/b262b4d2835b81394d75356dead66e52a6275206" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h4x5-gvx6-3rwc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T15:07:20Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h4x5-gvx6-3rwc" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=36976", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T15:07:20Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=36976" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34754", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, 
{ "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34754" }, { "reference_url": "https://github.com/advisories/GHSA-h4x5-gvx6-3rwc", "reference_id": "GHSA-h4x5-gvx6-3rwc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h4x5-gvx6-3rwc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113540?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2" } ], "aliases": [ "CVE-2026-34754", "GHSA-h4x5-gvx6-3rwc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3nh1-gqxv-jyce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91979?format=api", "vulnerability_id": "VCID-3p27-9b1r-nqbh", "summary": "MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values\nImproper escaping of a textarea custom field's contents in the Update Issue page (bug_update_page.php) allows an attacker to inject HTML and, if CSP settings permit, execute arbitrary JavaScript when the page is loaded.\n\n### Impact\nSession theft leading to admin account takeover, full project data access.\n\n- Precondition: A textarea-type custom field must be configured for the project\n- Attacker: Authenticated user with bug report permission (low privilege)\n- Victim: Any user viewing the bug edit form, including administrators\n\n### Patches\n- 5fec0f448b7a7d7d539a6adb6dccceac4e4e4ab7\n\n### Workarounds\nThe default Content-Security Policy will block script execution.\n\n### References\n- https://mantisbt.org/bugs/view.php?id=37003\n- This is related to 
[CVE-2024-34081](https://github.com/advisories/GHSA-wgx7-jp56-65mq).\n\n### Credits\nThanks to the following security researchers for independently discovering and responsibly reporting the issue, and providing a patch to fix it.\n- Thanks to Nozomu Sasaki (Paul) (@morimori-dev)\n- Tristan Madani (@TristanInSec) from Talence Security", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10257", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10153", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10236", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10277", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39960" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/5fec0f448b7a7d7d539a6adb6dccceac4e4e4ab7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-21T13:29:35Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/5fec0f448b7a7d7d539a6adb6dccceac4e4e4ab7" }, { 
"reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-qj6w-v29q-4rgx", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-21T13:29:35Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-qj6w-v29q-4rgx" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=37003", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=37003" }, { "reference_url": "https://github.com/advisories/GHSA-qj6w-v29q-4rgx", "reference_id": "GHSA-qj6w-v29q-4rgx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qj6w-v29q-4rgx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113540?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2" } ], "aliases": [ "CVE-2026-39960", "GHSA-qj6w-v29q-4rgx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3p27-9b1r-nqbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92346?format=api", "vulnerability_id": "VCID-41x9-p7gv-8fc2", "summary": 
"MantisBT Vulnerable to Privilege Escalation from Manager to Administrator\nInsufficient access control checks in _ProjectUsersAddCommand_ (used in *manage_proj_user_add.php* and REST API endpoint `PUT /project/{id}/users`) allows users having *manage_project_threshold* access level (*manager* by default) to grant project-level *administrator* access to any user (including themselves) in any Project they have *manager* rights in.\n\nThe normal project-user add form does restrict the selectable access levels to the actor's own project role or below. However, the backend handler still accepts a forged higher access_level value and writes it.\n\n### Impact\nPrivilege escalation.\n\nThe consequences of the privilege escalation are not as bad as it may sound, because having *administrator* access at Project level is effectively not very different from being *manager*, it does not actually give administrator privileges on the whole MantisBT instance. In particular, it does not let the upgraded user delete the Project or grant them any access to global administrative functions such as managing Users, Projects, Plugins, Custom Fields, etc. 
\n\n### Patches\n- 69e0180f180ed5acf48a8d281a73683a7bf32461\n\n### Workarounds\nNone\n\n### Credits\nThanks to the following security researchers for independently discovering and responsibly reporting the issue:\n- [Dracosec Research Limited](https://dracosec.tech/) (Siu Nam Tang, Chris Chan, Krecendo Hui, William Lam)\n- Vishal Shukla", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34390", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03348", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03308", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03328", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03358", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34390" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/69e0180f180ed5acf48a8d281a73683a7bf32461", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-20T13:05:44Z/" } ], "url": 
"https://github.com/mantisbt/mantisbt/commit/69e0180f180ed5acf48a8d281a73683a7bf32461" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-frf7-jhp9-jxm6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-20T13:05:44Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-frf7-jhp9-jxm6" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=36995", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-20T13:05:44Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=36995" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=37002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-20T13:05:44Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=37002" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34390", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34390" }, { "reference_url": "https://github.com/advisories/GHSA-frf7-jhp9-jxm6", "reference_id": "GHSA-frf7-jhp9-jxm6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-frf7-jhp9-jxm6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113540?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2" } ], "aliases": [ "CVE-2026-34390", "GHSA-frf7-jhp9-jxm6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-41x9-p7gv-8fc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92840?format=api", "vulnerability_id": "VCID-9y6t-pvae-vuar", "summary": "MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page\nImproper escaping of the redirection page (retrieved from the request's *Referer* header) allows an attacker to inject HTML.\n\nWhile this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leading to cross-site scripting.\n\n### Impact\nCross-site scripting (XSS).\n\n### Patches\n- b1ebc57763f104eb5f541b7b4d1ce6948168abd9\n\n### Workarounds\nNone\n\n### Credits\nThanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40598", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1863", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18512", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18594", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18633", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40598" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/b1ebc57763f104eb5f541b7b4d1ce6948168abd9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-23T02:39:01Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/b1ebc57763f104eb5f541b7b4d1ce6948168abd9" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-6jh4-47v2-4g37", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, 
{ "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-23T02:39:01Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-6jh4-47v2-4g37" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=37017", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-23T02:39:01Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=37017" }, { "reference_url": "https://github.com/advisories/GHSA-6jh4-47v2-4g37", "reference_id": "GHSA-6jh4-47v2-4g37", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6jh4-47v2-4g37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113540?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2" } ], "aliases": [ "CVE-2026-40598", "GHSA-6jh4-47v2-4g37" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9y6t-pvae-vuar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95068?format=api", "vulnerability_id": "VCID-bx5c-hd4c-r3hn", "summary": "MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue\nMantisBT permits a user to list and download their own attachments from an Issue created by another user, even after that Issue becomes private and direct access to it is denied.\n\n### 
Impact\nThe loss of confidentiality caused by this vulnerability is minimal, considering that only the attachments that were previously uploaded by the user themselves remains accessible.\n\n### Patches\n- de7bdeec36de066235e38a77bf056917d951c84d\n\n### Workarounds\nNone.\n\n### Credits\n\nThanks to Vishal Shukla for discovering and responsibly reporting the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34744", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02532", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02459", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02475", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02533", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34744" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/de7bdeec36de066235e38a77bf056917d951c84d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T17:19:00Z/" } ], "url": 
"https://github.com/mantisbt/mantisbt/commit/de7bdeec36de066235e38a77bf056917d951c84d" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-rmp5-5jj7-gmvf", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T17:19:00Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-rmp5-5jj7-gmvf" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=36977", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T17:19:00Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=36977" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34744", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34744" }, { "reference_url": "https://github.com/advisories/GHSA-rmp5-5jj7-gmvf", "reference_id": "GHSA-rmp5-5jj7-gmvf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rmp5-5jj7-gmvf" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113540?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2" } ], "aliases": [ "CVE-2026-34744", "GHSA-rmp5-5jj7-gmvf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bx5c-hd4c-r3hn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92156?format=api", "vulnerability_id": "VCID-cx6p-ncwb-k3bg", "summary": "MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked\nMantisBT allows a bugnote author to access the note's Revisions page after losing access to the parent private issue.\n\n### Impact\nDisclosure of the private Issue's Id and Summary. The bugnote full revision body remains secure.\n\n### Patches\n- 71df1f67e05b2050cd4bd87839e6cc13747cf03f\n\n### Workarounds\nNone\n\n### Credits \nThanks to Vishal Shukla for discovering and responsibly reporting the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0309", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03031", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03048", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03099", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34970" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", 
"scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/71df1f67e05b2050cd4bd87839e6cc13747cf03f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-20T13:04:45Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/71df1f67e05b2050cd4bd87839e6cc13747cf03f" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-crmx-4p49-46m2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-20T13:04:45Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-crmx-4p49-46m2" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=36978", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-20T13:04:45Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=36978" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34970", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34970" }, { "reference_url": "https://github.com/advisories/GHSA-crmx-4p49-46m2", "reference_id": "GHSA-crmx-4p49-46m2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-crmx-4p49-46m2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113540?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2" } ], "aliases": [ "CVE-2026-34970", "GHSA-crmx-4p49-46m2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cx6p-ncwb-k3bg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95444?format=api", "vulnerability_id": "VCID-es4b-p6jh-7fgf", "summary": "MantisBT has a Private Bugnote Attachment Content Leak via REST API\nA missing authorization check in MantisBT's file visibility function allows any authenticated user (REPORTER+) to download attachments on private bugnotes they should not be able to access, via the REST API endpoint GET /api/rest/issues/{id}/files and SOAP API mc_issue_attachment_get endpoint.\n\n### Impact\n- REPORTER (access level 25) can view file attachments that were uploaded to private bugnotes by DEVELOPER/MANAGER/ADMIN users\n- Private 
bugnotes are intended for internal developer discussion; their attachments (logs, screenshots, patches) should be equally protected\n- The web UI is NOT affected — it filters through bugnote_get_all_visible_bugnotes() first\n\n### Patches\n- 029d9d203d9e4ae96b3e59d552fa7395cc1e5071\n\n### Workarounds\nNone\n\n### Credits\nThanks to the following security researchers for independently discovering and responsibly reporting the issue.\n- Vishal Shukla \n- Tristan Madani (@TristanInSec) from Talence Security \n- Tang Cheuk Hei (@siunam321) \n\nThis advisory's contents was largely copied from Tristan's well-written report.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14742", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14625", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14707", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14749", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42071" }, { "reference_url": "https://github.com/advisories/GHSA-xjmx-cprh-646r", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xjmx-cprh-646r" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/029d9d203d9e4ae96b3e59d552fa7395cc1e5071", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T13:56:42Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/029d9d203d9e4ae96b3e59d552fa7395cc1e5071" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-pw5x-2mf9-3xc8", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T13:56:42Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-pw5x-2mf9-3xc8" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=27039", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T13:56:42Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=27039" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=36985", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T13:56:42Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=36985" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=37092", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T13:56:42Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=37092" }, { "reference_url": "https://github.com/advisories/GHSA-pw5x-2mf9-3xc8", "reference_id": "GHSA-pw5x-2mf9-3xc8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pw5x-2mf9-3xc8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113540?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2" } ], "aliases": [ "CVE-2026-42071", "GHSA-pw5x-2mf9-3xc8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-es4b-p6jh-7fgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94832?format=api", "vulnerability_id": "VCID-hcet-rrn3-j7gj", "summary": "MantisBT has Stored XSS on Move Attachments Admin Page\nUnescaped Project Name allows an 
attacker that can set it (which typically requires manager or administrator access level) to inject HTML in Move Attachments admin page.\n\n### Impact\nCross-site scripting (XSS).\nThis is mitigated by Content Security Policy which restricts scripts execution.\n\n### Patches\n- 5cb4b469295889f5d2b01677c9bf82c143e0fdaa\n\n### Workarounds\nNone", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44655", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18054", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17941", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18017", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18055", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44655" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/5cb4b469295889f5d2b01677c9bf82c143e0fdaa", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T19:11:59Z/" } ], "url": 
"https://github.com/mantisbt/mantisbt/commit/5cb4b469295889f5d2b01677c9bf82c143e0fdaa" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-7mqj-8gj2-cg59", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T19:11:59Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-7mqj-8gj2-cg59" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=37099", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=37099" }, { "reference_url": "https://github.com/advisories/GHSA-7mqj-8gj2-cg59", "reference_id": "GHSA-7mqj-8gj2-cg59", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7mqj-8gj2-cg59" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113540?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2" } ], "aliases": [ "CVE-2026-44655", "GHSA-7mqj-8gj2-cg59" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hcet-rrn3-j7gj" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/91981?format=api", "vulnerability_id": "VCID-hjug-mc57-nyaf", "summary": "MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form\nWhen cloning an issue originating from a Project other than the current one, the clone form (bug_report_page.php) prepends the source Project name before the category selector without proper escaping, allowing an attacker to inject HTML if they can set the Project's name (which typically requires *manager* or *administrator* access level).\n\n\n### Impact\nCross-site scripting (XSS).\nThis is mitigated by Content Security Policy which restricts script execution.\n\n### Patches\n- df22697ae497ddd93f3d9132fdf4979db8d081cd\n\n### Workarounds\nMake sure Project names do not contain any HTML tags.\n\n### Credits\nThanks to Vishal Shukla for discovering and responsibly reporting the issue.\n\nThe vulnerability was also identified and independently reported by @siunam321 (Tang Cheuk Hei), prior to this Advisory's publication.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04523", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04469", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04504", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04516", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34463" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": 
"HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/df22697ae497ddd93f3d9132fdf4979db8d081cd", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:36:36Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/df22697ae497ddd93f3d9132fdf4979db8d081cd" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-fvjf-68wh-rwp2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:36:36Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-fvjf-68wh-rwp2" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=36986", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:36:36Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=36986" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34463", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34463" }, { "reference_url": "https://github.com/advisories/GHSA-fvjf-68wh-rwp2", "reference_id": "GHSA-fvjf-68wh-rwp2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fvjf-68wh-rwp2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113540?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2" } ], "aliases": [ "CVE-2026-34463", "GHSA-fvjf-68wh-rwp2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjug-mc57-nyaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95377?format=api", "vulnerability_id": "VCID-kd7p-6ypr-hucb", "summary": "MantisBT has an authorization bypass in private issue monitoring\nUsing a crafted POST request to bug_monitor_add.php, a user with project-level access can add themselves as a monitor for a private issue they do not have access to. 
Despite displaying an Access Denied error, the application accepts the request and creates a monitor relationship for the private issue.\n\n\n### Impact\nDirect access to the private issue remains blocked, but the user will receive email notifications for updates, leading to disclosure of the private issue's metadata and content.\n\n### Patches\n- 0a93267deba445fb9d15250c16e6fdb1246ffa65\n\n### Workarounds\nNone\n\n### Credits\nThanks to Vishal Shukla for discovering and responsibly reporting the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34579", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02532", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02459", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02475", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02533", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34579" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/0a93267deba445fb9d15250c16e6fdb1246ffa65", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T14:25:53Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/0a93267deba445fb9d15250c16e6fdb1246ffa65" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-ggw7-9675-6v4v", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T14:25:53Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-ggw7-9675-6v4v" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=36975", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T14:25:53Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=36975" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34579", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34579" }, { "reference_url": "https://github.com/advisories/GHSA-ggw7-9675-6v4v", "reference_id": "GHSA-ggw7-9675-6v4v", "reference_type": "", "scores": [ { "value": "MODERATE", 
"scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ggw7-9675-6v4v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113540?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2" } ], "aliases": [ "CVE-2026-34579", "GHSA-ggw7-9675-6v4v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kd7p-6ypr-hucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95230?format=api", "vulnerability_id": "VCID-tmey-9ntn-xkf9", "summary": "MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference\nAny authenticated user can inject arbitrary HTML via updating their account's font family.\n\n### Impact\nCross-site scripting.\nThe injected payload will be reflected in every MantisBT page.\n\nLeveraging another vulnerability (CSP bypass, see [GHSA-9c3j-xm6v-j7j3](https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3)) the attacker could achieve account takeover.\n\n### Patches\n- 9e8409cdd979eba86ef532756fc47c1d8112d22d\n\n### Workarounds\nNone\n\n### Credits\nThanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40596", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17786", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17862", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17897", "published_at": "2026-06-06T12:55:00Z" }, { "value": 
"0.00056", "scoring_system": "epss", "scoring_elements": "0.179", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40596" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", 
"scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=37011", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=37011" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=37016", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=37016" }, { "reference_url": "https://github.com/advisories/GHSA-j3v9-553h-x28j", "reference_id": "GHSA-j3v9-553h-x28j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j3v9-553h-x28j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113540?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2" } ], "aliases": [ "CVE-2026-40596", "GHSA-j3v9-553h-x28j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tmey-9ntn-xkf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91393?format=api", "vulnerability_id": "VCID-tndh-byw2-xbh6", "summary": "MantisBT has Stored HTML Injection/XSS when displaying Tags in Timeline\nImproper escaping of tag names retrieved from History in Timeline (my_view_page.php) allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has been renamed or deleted.\n\n### Impact\nCross-site scripting (XSS).\n\n### Patches\nf32787c14d4518476fe7f05f992dbfe6eaccd815\n\n### Workarounds\n* Edit offending History entries (using SQL)\n* Wrap `$this->tag_name` in a string_html_specialchars() call in IssueTagTimelineEvent::html()\n\n### Credits\nMantisBT thanks Vishal Shukla for discovering and responsibly reporting the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33548", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14592", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14675", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14717", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14711", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33548" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/f32787c14d4518476fe7f05f992dbfe6eaccd815", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T16:05:45Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/f32787c14d4518476fe7f05f992dbfe6eaccd815" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-73vx-49mv-v8w5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T16:05:45Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-73vx-49mv-v8w5" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=36973", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=36973" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33548", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33548" }, { "reference_url": "https://github.com/advisories/GHSA-73vx-49mv-v8w5", "reference_id": "GHSA-73vx-49mv-v8w5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-73vx-49mv-v8w5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113540?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2" } ], "aliases": [ "CVE-2026-33548", "GHSA-73vx-49mv-v8w5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tndh-byw2-xbh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92105?format=api", "vulnerability_id": "VCID-vgup-xrgt-57bd", "summary": "MantisBT Vulnerable to Stored XSS in File Download\nUsing *show_inline=1* parameter and a valid *file_show_inline_token* CSRF token on 
file_download.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment.\n\n### Impact\nCross-site scripting\n\n### Patches\n- 26647b2e68ba30b9d7987d4e03d7a16416684bc2\n\n### Workarounds\nNone\n\n### Credits\nThanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44657", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22037", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22094", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22142", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22155", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44657" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/26647b2e68ba30b9d7987d4e03d7a16416684bc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T14:49:46Z/" } ], "url": 
"https://github.com/mantisbt/mantisbt/commit/26647b2e68ba30b9d7987d4e03d7a16416684bc2" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T14:49:46Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-p6fr-rxq7-xcg8", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T14:49:46Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-p6fr-rxq7-xcg8" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=37020", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T14:49:46Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=37020" }, { "reference_url": "https://github.com/advisories/GHSA-p6fr-rxq7-xcg8", "reference_id": "GHSA-p6fr-rxq7-xcg8", "reference_type": 
"", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p6fr-rxq7-xcg8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113540?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2" } ], "aliases": [ "CVE-2026-44657", "GHSA-p6fr-rxq7-xcg8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgup-xrgt-57bd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93645?format=api", "vulnerability_id": "VCID-vgyy-dkby-w3ak", "summary": "MantisBT has a Content Security Policy bypass via attachments\nGiven any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's _script-src_ directive by uploading a crafted attachment to any issue that, when accessed via the _file_download.php_ link, will be downloaded with a valid JavaScript MIME type resulting in script execution.\n\nThe uploaded payload must be sniffed as a valid JavaScript MIME type by PHP finfo (see file_create_finfo() API function). 
Non-JavaScript MIME types will not get imported in a `<script>` tag by the browser, due to response header X-Content-Type-Options being set to _nosniff_, which requires all imported JavaScript files to be a valid JavaScript MIME type.\n\n### Impact\nCross-site scripting\n\n### Patches\n- 9e3bee2e7b909f4e3596985892b8bc8bee9e0bfe\n\n### Workarounds\nNone\n\n### Credits\nThanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40597", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21822", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21705", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21764", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2181", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40597" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/9e3bee2e7b909f4e3596985892b8bc8bee9e0bfe", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T19:05:54Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/9e3bee2e7b909f4e3596985892b8bc8bee9e0bfe" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T19:05:54Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=37016", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T19:05:54Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=37016" }, { "reference_url": "https://github.com/advisories/GHSA-9c3j-xm6v-j7j3", "reference_id": "GHSA-9c3j-xm6v-j7j3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9c3j-xm6v-j7j3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113540?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2" } ], "aliases": [ "CVE-2026-40597", "GHSA-9c3j-xm6v-j7j3" 
], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgyy-dkby-w3ak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93905?format=api", "vulnerability_id": "VCID-xq7x-rtzx-wkef", "summary": "MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API\nThe mc_issue_update() function in MantisBT allows users having *update_bug_threshold* access (UPDATER, with default settings) to edit, change the view state of, and modify time tracking on bugnotes belonging to other users — bypassing the default DEVELOPER (level 55) threshold required by the dedicated mc_issue_note_update() function.\n\n### Impact\n1. UPDATER can edit notes by DEVELOPER/MANAGER/ADMIN — bypassing the DEVELOPER threshold\n2. UPDATER can change private notes to public — exposing confidential internal discussion\n3. UPDATER can change public notes to private — hiding information from reporters/viewers\n\n### Patches\n- 6e58fae4f22efdc3987f903c8ba2611de17a9435\n\n### Workarounds\nNone\n\n### Credits\nThanks to the following security researchers for independently discovering and responsibly reporting the issue.\n- Vishal Shukla \n- Tristan Madani (@TristanInSec) from Talence Security \n\nThis advisory's contents were largely copied from Tristan's well-written report.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13693", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13572", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13657", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13697", "published_at": "2026-06-06T12:55:00Z" } ], 
"url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42070" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/6e58fae4f22efdc3987f903c8ba2611de17a9435", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T13:49:49Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/6e58fae4f22efdc3987f903c8ba2611de17a9435" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-pq86-j2c2-47f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T13:49:49Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-pq86-j2c2-47f6" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=37089", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T13:49:49Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=37089" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=37093", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T13:49:49Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=37093" }, { "reference_url": "https://github.com/advisories/GHSA-pq86-j2c2-47f6", "reference_id": "GHSA-pq86-j2c2-47f6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pq86-j2c2-47f6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113540?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2" } ], "aliases": [ "CVE-2026-42070", "GHSA-pq86-j2c2-47f6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xq7x-rtzx-wkef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94991?format=api", "vulnerability_id": "VCID-xymn-y9me-kbh9", "summary": "MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column\nIncorrect escaping of a saved filter's owner allows an attacker to inject arbitrary HTML on systems where $g_show_user_realname = ON.\n\n### Impact\nCross-site scripting 
(XSS).\n\nNote that by default, only users with *Manager* access level or above can save their filters publicly, which is why the CVSS vector rates the required privileges as high (PR:H).\n\n### Patches\n- 44f490bcf20fd491c1b8f3fc9dd041d8c2a30010\n\n### Workarounds\n- Prevent display of users' real names (set `$g_show_user_realname = OFF;` in the configuration)\n- Restrict the ability to store filters (set `$g_stored_query_create_threshold` / `$g_stored_query_create_shared_threshold` to `NOBODY`)\n\n### Credits\nThanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40607", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17138", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1702", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17099", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17133", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40607" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/44f490bcf20fd491c1b8f3fc9dd041d8c2a30010", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T18:51:03Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/44f490bcf20fd491c1b8f3fc9dd041d8c2a30010" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-f633-865q-2mhh", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T18:51:03Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-f633-865q-2mhh" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=37015", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T18:51:03Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=37015" }, { "reference_url": "https://github.com/advisories/GHSA-f633-865q-2mhh", "reference_id": "GHSA-f633-865q-2mhh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f633-865q-2mhh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113540?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2" } ], 
"aliases": [ "CVE-2026-40607", "GHSA-f633-865q-2mhh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xymn-y9me-kbh9" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91349?format=api", "vulnerability_id": "VCID-843s-1vx7-nueb", "summary": "MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL\nMantis Bug Tracker instances running on MySQL and compatible databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of improper type checking on the password parameter.\n\nOther database backends are not affected, as they do not perform implicit type conversion from string to integer.\n\n### Impact\nUsing a crafted SOAP envelope, an attacker who knows the victim's username is able to log in to the SOAP API with that account without knowledge of the actual password, and execute any API function the account has access to.\n\n### Patches\n* b349e5c890eeda9bd82e7c7e14479853f8a30d9f\n\n### Workarounds\n- [Disabling the SOAP API](https://mantisbt.org/docs/master/en-US/Admin_Guide/html-desktop/#admin.config.api.disable) significantly reduces the risk, but still allows the attacker to retrieve user account information including email address and real name.\n\n### Resources\n- https://mantisbt.org/bugs/view.php?id=36902\n\n### Credits\nMantisBT thanks Alexander Philiotis of SynerComm for discovering and responsibly reporting the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.3387", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33801", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": 
"0.33835", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33855", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30849" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/b349e5c890eeda9bd82e7c7e14479853f8a30d9f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:29:55Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/b349e5c890eeda9bd82e7c7e14479853f8a30d9f" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-phrq-pc6r-f6gh", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:29:55Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-phrq-pc6r-f6gh" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30849", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30849" }, { "reference_url": "https://github.com/advisories/GHSA-phrq-pc6r-f6gh", "reference_id": "GHSA-phrq-pc6r-f6gh", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-phrq-pc6r-f6gh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113501?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3nh1-gqxv-jyce" }, { "vulnerability": "VCID-3p27-9b1r-nqbh" }, { "vulnerability": "VCID-41x9-p7gv-8fc2" }, { "vulnerability": "VCID-9y6t-pvae-vuar" }, { "vulnerability": "VCID-bx5c-hd4c-r3hn" }, { "vulnerability": "VCID-cx6p-ncwb-k3bg" }, { "vulnerability": "VCID-es4b-p6jh-7fgf" }, { "vulnerability": "VCID-hcet-rrn3-j7gj" }, { "vulnerability": "VCID-hjug-mc57-nyaf" }, { "vulnerability": "VCID-kd7p-6ypr-hucb" }, { "vulnerability": "VCID-tmey-9ntn-xkf9" }, { "vulnerability": "VCID-tndh-byw2-xbh6" }, { "vulnerability": "VCID-vgup-xrgt-57bd" }, { "vulnerability": "VCID-vgyy-dkby-w3ak" }, { "vulnerability": "VCID-xq7x-rtzx-wkef" }, { "vulnerability": "VCID-xymn-y9me-kbh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.1" } ], "aliases": [ "CVE-2026-30849", "GHSA-phrq-pc6r-f6gh" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-843s-1vx7-nueb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91478?format=api", "vulnerability_id": "VCID-pz1z-bah5-8fc9", "summary": "MantisBT Vulnerable to 
Stored HTML Injection in Tag Delete Confirmation\nImproper escaping of the tag name when deleting it in tag_delete.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript.\n\n### Impact\nCross-site scripting (XSS).\n\n### Patches\n80990f43153167c73f11eb4b2bc7108d0c3d6b46\n\n### Workarounds\n* Revert commit d6890320752ecf37bd74d11fe14fe7dc12335be9\n* Manually edit the language files to remove the sprintf placeholder `%1$s` from the *$s_tag_delete_message* string, for example with `sed -r -i '/tag_delete_message/s/.%1\\$s.//' -- lang/*` (sed -i needs the individual files, not the directory)\n\n### Credits\nMantisBT thanks Vishal Shukla for discovering and responsibly reporting the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15827", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15691", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15777", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15817", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33517" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/80990f43153167c73f11eb4b2bc7108d0c3d6b46", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:12:05Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/80990f43153167c73f11eb4b2bc7108d0c3d6b46" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/d6890320752ecf37bd74d11fe14fe7dc12335be9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:12:05Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/d6890320752ecf37bd74d11fe14fe7dc12335be9" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-fh48-f69w-7vmp", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:12:05Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-fh48-f69w-7vmp" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=36971", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://mantisbt.org/bugs/view.php?id=36971" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33517", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33517" }, { "reference_url": "https://github.com/advisories/GHSA-fh48-f69w-7vmp", "reference_id": "GHSA-fh48-f69w-7vmp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fh48-f69w-7vmp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113501?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3nh1-gqxv-jyce" }, { "vulnerability": "VCID-3p27-9b1r-nqbh" }, { "vulnerability": "VCID-41x9-p7gv-8fc2" }, { "vulnerability": "VCID-9y6t-pvae-vuar" }, { "vulnerability": "VCID-bx5c-hd4c-r3hn" }, { "vulnerability": "VCID-cx6p-ncwb-k3bg" }, { "vulnerability": "VCID-es4b-p6jh-7fgf" }, { "vulnerability": "VCID-hcet-rrn3-j7gj" }, { "vulnerability": "VCID-hjug-mc57-nyaf" }, { "vulnerability": "VCID-kd7p-6ypr-hucb" }, { "vulnerability": "VCID-tmey-9ntn-xkf9" }, { "vulnerability": "VCID-tndh-byw2-xbh6" }, { "vulnerability": "VCID-vgup-xrgt-57bd" }, { "vulnerability": "VCID-vgyy-dkby-w3ak" }, { "vulnerability": "VCID-xq7x-rtzx-wkef" }, { "vulnerability": "VCID-xymn-y9me-kbh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.1" } ], "aliases": [ "CVE-2026-33517", "GHSA-fh48-f69w-7vmp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pz1z-bah5-8fc9" } ], "risk_score": "4.0", 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.1" }