Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/150792?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/150792?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.3.2", "type": "composer", "namespace": "mantisbt", "name": "mantisbt", "version": "2.3.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.28.2", "latest_non_vulnerable_version": "2.28.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54783?format=api", "vulnerability_id": "VCID-1n7b-6pyz-cka5", "summary": "Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process\nInsufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request pending.\n\nThe exploit is only possible while the verification token is valid, i.e. for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password.\n\nA brute-force attack calling account_update.php with increasing user IDs is possible.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45324", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34077" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:51:24Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=34433", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:51:24Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=34433" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34077", "reference_id": "CVE-2024-34077", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34077" }, { "reference_url": "https://github.com/advisories/GHSA-93x3-m7pw-ppqm", "reference_id": "GHSA-93x3-m7pw-ppqm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-93x3-m7pw-ppqm" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-93x3-m7pw-ppqm", "reference_id": "GHSA-93x3-m7pw-ppqm", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:51:24Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-93x3-m7pw-ppqm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81243?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.26.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.26.2" } ], "aliases": [ "CVE-2024-34077", "GHSA-93x3-m7pw-ppqm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1n7b-6pyz-cka5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112159?format=api", "vulnerability_id": "VCID-1nq1-6hwz-7kcq", "summary": "MantisBT HTML Injection vulnerability\nAn issue was discovered in MantisBT before 2.24.3. 
Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via `bug_actiongroup_page.php`.", "references": [ { "reference_url": "http://github.com/mantisbt/mantisbt/commit/8c6f4d8859785b67fb80ac65100ac5259ed9237d", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/mantisbt/mantisbt/commit/8c6f4d8859785b67fb80ac65100ac5259ed9237d" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69756", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69716", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25830" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=27304", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=27304" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25830", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25830" }, { "reference_url": "https://github.com/advisories/GHSA-2pm7-q8pc-xhvq", "reference_id": "GHSA-2pm7-q8pc-xhvq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2pm7-q8pc-xhvq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150408?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.3" } ], "aliases": [ "CVE-2020-25830", 
"GHSA-2pm7-q8pc-xhvq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1nq1-6hwz-7kcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112321?format=api", "vulnerability_id": "VCID-1v33-u5bm-pyem", "summary": "MantisBT Remote Code Execution\nMantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.2133", "scoring_system": "epss", "scoring_elements": "0.95799", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.2133", "scoring_system": "epss", "scoring_elements": "0.95795", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15715" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/5fb979604d88c630343b3eaf2b435cd41918c501", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/5fb979604d88c630343b3eaf2b435cd41918c501" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/7092573fac31eff41823f13540324db167c8bd52", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/7092573fac31eff41823f13540324db167c8bd52" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/cebfb9acb3686e8904d80bd4bc80720b54ba08e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/cebfb9acb3686e8904d80bd4bc80720b54ba08e5" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/fc7668c8e45db55fc3a4b991ea99d2b80861a14c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/fc7668c8e45db55fc3a4b991ea99d2b80861a14c" }, { "reference_url": "https://mantisbt.org/bugs/changelog_page.php?project=mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://mantisbt.org/bugs/changelog_page.php?project=mantisbt" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=26091", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=26091" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=26162", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=26162" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15715", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15715" }, { "reference_url": "https://github.com/advisories/GHSA-v23g-wjvq-2fpf", "reference_id": "GHSA-v23g-wjvq-2fpf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v23g-wjvq-2fpf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/155615?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": 
"VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.22.1" } ], "aliases": [ "CVE-2019-15715", "GHSA-v23g-wjvq-2fpf" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1v33-u5bm-pyem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111910?format=api", "vulnerability_id": "VCID-516n-s5ts-eyg8", "summary": "MantisBT cross-site scripting (XSS) vulnerability through crafted PATH_INFO\nA cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-13055.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48797", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48859", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16514" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/blob/006cd0cd90c37097e1a065fd3e59ce2534490834/core/filter_form_api.php#L2779", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/blob/006cd0cd90c37097e1a065fd3e59ce2534490834/core/filter_form_api.php#L2779" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/66091a42626631a3063774eb0fb8a4218ab22fd4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/66091a42626631a3063774eb0fb8a4218ab22fd4" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=24731", "reference_id": "", "reference_type": 
"", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=24731" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16514", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16514" }, { "reference_url": "https://github.com/advisories/GHSA-3qv7-98vm-xx2v", "reference_id": "GHSA-3qv7-98vm-xx2v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3qv7-98vm-xx2v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/154394?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.17.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-6tnt-m23j-pyhv" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-hz9e-tmbf-uydt" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-m956-44xf-2qfz" }, { "vulnerability": 
"VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.17.1" } ], "aliases": [ "CVE-2018-16514", "GHSA-3qv7-98vm-xx2v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-516n-s5ts-eyg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112039?format=api", "vulnerability_id": "VCID-5mtg-nbrw-jyhp", "summary": "MantisBT Missing Authorization access check in bug_actiongroup.php\nAn issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. 
This provides full access to potentially confidential information.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29604", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.4374", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43811", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29604" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/b2da7352b0ad31fa5f925eaacb4b2b96a6cec8e8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/b2da7352b0ad31fa5f925eaacb4b2b96a6cec8e8" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=27357", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=27357" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=27728", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=27728" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29604", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29604" }, { "reference_url": "https://github.com/advisories/GHSA-f38c-wxp6-8xjv", "reference_id": "GHSA-f38c-wxp6-8xjv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f38c-wxp6-8xjv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/152011?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.24.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.4" } ], "aliases": [ "CVE-2020-29604", "GHSA-f38c-wxp6-8xjv" 
], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5mtg-nbrw-jyhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44071?format=api", "vulnerability_id": "VCID-6tnt-m23j-pyhv", "summary": "MantisBT allows XSS via Edit Filter page\nA cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38935", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39023", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17783" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/b9453cd7643b7c5b1b8c716b1dbd4d7d9571d1ec", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/b9453cd7643b7c5b1b8c716b1dbd4d7d9571d1ec" }, { "reference_url": "https://mantisbt.org/blog/archives/mantisbt/613", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/blog/archives/mantisbt/613" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=24814", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=24814" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17783", "reference_id": "CVE-2018-17783", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17783" }, { "reference_url": "https://github.com/advisories/GHSA-gcqw-45xq-xc63", "reference_id": "GHSA-gcqw-45xq-xc63", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gcqw-45xq-xc63" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62992?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.17.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": 
"VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-m956-44xf-2qfz" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.17.2" } ], "aliases": [ "CVE-2018-17783", "GHSA-gcqw-45xq-xc63" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6tnt-m23j-pyhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91349?format=api", "vulnerability_id": "VCID-843s-1vx7-nueb", "summary": "MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL\nMantis Bug Tracker instances running on MySQL and compatible databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of improper type checking on the password parameter.\n\nOther database backends are not affected, as they do not perform implicit type conversion from string to integer.\n\n### Impact\nUsing a crafted SOAP envelope, an attacker knowing the victim's username is able to login to the SOAP API with their account without knowledge of the actual password, and execute any API function they have access to.\n\n### Patches\n* b349e5c890eeda9bd82e7c7e14479853f8a30d9f\n\n### Workarounds\n- 
[Disabling the SOAP API](https://mantisbt.org/docs/master/en-US/Admin_Guide/html-desktop/#admin.config.api.disable) significantly reduces the risk, but still allows the attacker to retrieve user account information including email address and real name.\n\n### Resources\n- https://mantisbt.org/bugs/view.php?id=36902\n\n### Credits\nMantisBT thanks Alexander Philiotis of SynerComm for discovering and responsibly reporting the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33855", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30849" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/b349e5c890eeda9bd82e7c7e14479853f8a30d9f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:29:55Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/b349e5c890eeda9bd82e7c7e14479853f8a30d9f" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-phrq-pc6r-f6gh", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:29:55Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-phrq-pc6r-f6gh" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30849", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30849" }, { "reference_url": "https://github.com/advisories/GHSA-phrq-pc6r-f6gh", "reference_id": "GHSA-phrq-pc6r-f6gh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-phrq-pc6r-f6gh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113501?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-tndh-byw2-xbh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.1" } ], "aliases": [ "CVE-2026-30849", "GHSA-phrq-pc6r-f6gh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-843s-1vx7-nueb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55908?format=api", "vulnerability_id": "VCID-8676-5hmd-s3hm", "summary": "MantisBT vulnerable to information disclosure with user profiles\nUsing a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45792", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71606", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45792" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/56bbd02dc1fb33a8de5898fd17dc3d698c847f55", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/56bbd02dc1fb33a8de5898fd17dc3d698c847f55" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/ef0f820284032350cc20a39ff9cb2010d5463b41", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:31:35Z/" } ], "url": 
"https://github.com/mantisbt/mantisbt/commit/ef0f820284032350cc20a39ff9cb2010d5463b41" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=34640", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:31:35Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=34640" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45792", "reference_id": "CVE-2024-45792", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45792" }, { "reference_url": "https://github.com/advisories/GHSA-h5q3-fjp4-2x7r", "reference_id": "GHSA-h5q3-fjp4-2x7r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h5q3-fjp4-2x7r" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h5q3-fjp4-2x7r", "reference_id": "GHSA-h5q3-fjp4-2x7r", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:31:35Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h5q3-fjp4-2x7r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82810?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.26.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.26.4" } ], "aliases": [ "CVE-2024-45792", "GHSA-h5q3-fjp4-2x7r" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8676-5hmd-s3hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111741?format=api", "vulnerability_id": "VCID-8cnw-f9a5-aygc", "summary": "MantisBT XSS when uploading an attachment\nThe proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. 
The code is executed when editing the document's page.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.67249", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.6729", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15539" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/bd094dede74ff6e313e286e949e2387233a96eea", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/bd094dede74ff6e313e286e949e2387233a96eea" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=26078", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=26078" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15539", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15539" }, { "reference_url": "https://github.com/advisories/GHSA-p495-jrpq-p66g", "reference_id": "GHSA-p495-jrpq-p66g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p495-jrpq-p66g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/153825?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.21.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.21.3" } ], "aliases": [ "CVE-2019-15539", "GHSA-p495-jrpq-p66g" ], "risk_score": null, "exploitability": null, "weighted_severity": 
null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8cnw-f9a5-aygc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111355?format=api", "vulnerability_id": "VCID-8hsn-cvrk-1uh5", "summary": "MantisBT Incorrect Authorization for bug_revision_view_page.php check\nAn issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00762", "scoring_system": "epss", "scoring_elements": "0.73738", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00762", "scoring_system": "epss", "scoring_elements": "0.73775", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35849" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/e9fd168c519a46c2cd0f3cb835e9ce5dba77fc4d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/e9fd168c519a46c2cd0f3cb835e9ce5dba77fc4d" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=27370", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=27370" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35849", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35849" }, { "reference_url": "https://github.com/advisories/GHSA-7j8m-fm49-xgmg", "reference_id": "GHSA-7j8m-fm49-xgmg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7j8m-fm49-xgmg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/152011?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.24.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.4" } ], "aliases": [ "CVE-2020-35849", "GHSA-7j8m-fm49-xgmg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8hsn-cvrk-1uh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48327?format=api", "vulnerability_id": "VCID-8wux-1k2d-sbam", "summary": "MantisBT lacks verification when changing a user's email address\nWhen a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07861", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55155" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/21e9fbedde8553c29c0d3156e84f78157fc4f22e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:03:02Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/21e9fbedde8553c29c0d3156e84f78157fc4f22e" }, { "reference_url": 
"https://mantisbt.org/bugs/view.php?id=36005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:03:02Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=36005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55155", "reference_id": "CVE-2025-55155", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55155" }, { "reference_url": "https://github.com/advisories/GHSA-q747-c74m-69pr", "reference_id": "GHSA-q747-c74m-69pr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q747-c74m-69pr" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-q747-c74m-69pr", "reference_id": "GHSA-q747-c74m-69pr", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:03:02Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-q747-c74m-69pr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71320?format=api", "purl": 
"pkg:composer/mantisbt/mantisbt@2.27.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-843s-1vx7-nueb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.27.2" } ], "aliases": [ "CVE-2025-55155", "GHSA-q747-c74m-69pr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8wux-1k2d-sbam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48324?format=api", "vulnerability_id": "VCID-d3yt-mkwe-33hu", "summary": "MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length\nA lack of server-side validation for note length in MantisBT allows attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters). Once such a note is added:", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20074", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46556" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T20:44:31Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/d5cec6bffb44d54bd412c186b9baa409b1aa4238", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T20:44:31Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/d5cec6bffb44d54bd412c186b9baa409b1aa4238" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/e9119c68b4a0eaa0bbde3deb121e81f5f7157361", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T20:44:31Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/e9119c68b4a0eaa0bbde3deb121e81f5f7157361" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46556", "reference_id": "CVE-2025-46556", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46556" }, { "reference_url": "https://github.com/advisories/GHSA-r3jf-hm7q-qfw5", "reference_id": "GHSA-r3jf-hm7q-qfw5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", 
"scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r3jf-hm7q-qfw5" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5", "reference_id": "GHSA-r3jf-hm7q-qfw5", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T20:44:31Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71320?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.27.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-843s-1vx7-nueb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.27.2" } ], "aliases": [ "CVE-2025-46556", "GHSA-r3jf-hm7q-qfw5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3yt-mkwe-33hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43899?format=api", "vulnerability_id": "VCID-dy4y-w8g5-9udt", "summary": "MantisBT allows XSS on the Edit Filter page via crafted filter name\nAn issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. 
A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar\" onclick=\"alert(1)').", "references": [ { "reference_url": "http://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65559", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65507", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14504" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://mantisbt.org/blog/archives/mantisbt/602", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/blog/archives/mantisbt/602" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=24608", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=24608" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14504", "reference_id": "CVE-2018-14504", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14504" }, { "reference_url": "https://github.com/advisories/GHSA-74gh-5j33-vg4w", "reference_id": "GHSA-74gh-5j33-vg4w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-74gh-5j33-vg4w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63083?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-516n-s5ts-eyg8" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-6tnt-m23j-pyhv" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-hz9e-tmbf-uydt" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": 
"VCID-m956-44xf-2qfz" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.15.1" } ], "aliases": [ "CVE-2018-14504", "GHSA-74gh-5j33-vg4w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dy4y-w8g5-9udt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47044?format=api", "vulnerability_id": "VCID-ed8g-bc8k-dkgq", "summary": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\nMantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. 
As a workaround, define `$g_path` as appropriate in `config_inc.php`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01732", "scoring_system": "epss", "scoring_elements": "0.82832", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23830" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/7055731d09ff12b2781410a372f790172e279744", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T16:05:28Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/7055731d09ff12b2781410a372f790172e279744" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=19381", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T16:05:28Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=19381" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23830", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23830" }, { "reference_url": "https://github.com/advisories/GHSA-mcqj-7p29-9528", "reference_id": "GHSA-mcqj-7p29-9528", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mcqj-7p29-9528" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-mcqj-7p29-9528", "reference_id": "GHSA-mcqj-7p29-9528", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T16:05:28Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-mcqj-7p29-9528" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69016?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.26.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.26.1" } ], "aliases": [ "CVE-2024-23830", "GHSA-mcqj-7p29-9528" ], "risk_score": null, 
"exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ed8g-bc8k-dkgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111781?format=api", "vulnerability_id": "VCID-fwyx-hjd4-b7hh", "summary": "MantisBT Incorrect Authorization in bug_actiongroup_page.php\nAn issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view status, or belong to a private Project.)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.3477", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34866", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29605" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/9322c8c9f57fb72f3b8b033889a6a09c441d5be0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/9322c8c9f57fb72f3b8b033889a6a09c441d5be0" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=27357", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=27357" }, { 
"reference_url": "https://mantisbt.org/bugs/view.php?id=27727", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=27727" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29605", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29605" }, { "reference_url": "https://github.com/advisories/GHSA-pgg9-mmcg-8mxp", "reference_id": "GHSA-pgg9-mmcg-8mxp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pgg9-mmcg-8mxp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/152011?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.24.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.4" } ], "aliases": [ "CVE-2020-29605", 
"GHSA-pgg9-mmcg-8mxp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwyx-hjd4-b7hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43766?format=api", "vulnerability_id": "VCID-gnd3-529f-ube6", "summary": "MantisBT XSS allows unsanitized input via admin/install.php\nAn XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2017/08/01/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2017/08/01/1" }, { "reference_url": "http://openwall.com/lists/oss-security/2017/08/01/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2017/08/01/2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.77735", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01034", "scoring_system": "epss", "scoring_elements": 
"0.77708", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12061" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=23146", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=23146" }, { "reference_url": "https://web.archive.org/web/20170811053146/http://www.securitytracker.com/id/1039030", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170811053146/http://www.securitytracker.com/id/1039030" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12061", "reference_id": "CVE-2017-12061", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12061" }, { "reference_url": "https://github.com/advisories/GHSA-98xr-mmq5-vc5h", "reference_id": "GHSA-98xr-mmq5-vc5h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98xr-mmq5-vc5h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62831?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-516n-s5ts-eyg8" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-6tnt-m23j-pyhv" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-dy4y-w8g5-9udt" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-hz9e-tmbf-uydt" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, 
{ "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-m956-44xf-2qfz" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-x9k5-hczy-u3cd" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.5.2" } ], "aliases": [ "CVE-2017-12061", "GHSA-98xr-mmq5-vc5h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gnd3-529f-ube6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43277?format=api", "vulnerability_id": "VCID-hxaw-gp24-9kfv", "summary": "MantisBT vulnerable to XSS via unescaped output in browser_search_plugin.php\nAn XSS issue was discovered in browser_search_plugin.php in MantisBT up to and including 2.25.2. 
Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07116", "scoring_system": "epss", "scoring_elements": "0.91687", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.22039", "scoring_system": "epss", "scoring_elements": "0.95892", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28508" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/YavuzSahbaz/CVE-2022-28508/blob/main/MantisBT%202.25.2%20XSS%20vulnurability", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/YavuzSahbaz/CVE-2022-28508/blob/main/MantisBT%202.25.2%20XSS%20vulnurability" }, { "reference_url": "https://mantisbt.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org" }, { "reference_url": "https://sourceforge.net/projects/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://sourceforge.net/projects/mantisbt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28508", "reference_id": "CVE-2022-28508", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28508" }, { "reference_url": "https://github.com/advisories/GHSA-wfg2-2wmw-6894", "reference_id": "GHSA-wfg2-2wmw-6894", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wfg2-2wmw-6894" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61382?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.25.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.25.3" } ], "aliases": [ "CVE-2022-28508", "GHSA-wfg2-2wmw-6894" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hxaw-gp24-9kfv" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/43848?format=api", "vulnerability_id": "VCID-hz9e-tmbf-uydt", "summary": "MantisBT allows XSS via the Manage Filter page\nA cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17782", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39023", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38935", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17782" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/72ab020a42a35fd341e983a25849f8277bb34044", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/72ab020a42a35fd341e983a25849f8277bb34044" }, { "reference_url": "https://mantisbt.org/blog/archives/mantisbt/613", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/blog/archives/mantisbt/613" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=24813", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=24813" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17782", "reference_id": "CVE-2018-17782", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17782" }, { "reference_url": "https://github.com/advisories/GHSA-ggjm-7m5f-7xjv", "reference_id": "GHSA-ggjm-7m5f-7xjv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ggjm-7m5f-7xjv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62992?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.17.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { 
"vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-m956-44xf-2qfz" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.17.2" } ], "aliases": [ "CVE-2018-17782", "GHSA-ggjm-7m5f-7xjv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hz9e-tmbf-uydt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54776?format=api", "vulnerability_id": "VCID-jpyg-rbg3-rybh", "summary": "MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor\nIf an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. 
Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52533", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34080" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/0a50562369d823689c9b946066d1e49d3c2df226", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T18:31:57Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/0a50562369d823689c9b946066d1e49d3c2df226" }, { "reference_url": "https://github.com/mantisbt/mantisbt/pull/2000", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T18:31:57Z/" } ], "url": "https://github.com/mantisbt/mantisbt/pull/2000" }, { "reference_url": 
"https://mantisbt.org/bugs/view.php?id=34434", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T18:31:57Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=34434" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34080", "reference_id": "CVE-2024-34080", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34080" }, { "reference_url": "https://github.com/advisories/GHSA-99jc-wqmr-ff2q", "reference_id": "GHSA-99jc-wqmr-ff2q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-99jc-wqmr-ff2q" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-99jc-wqmr-ff2q", "reference_id": "GHSA-99jc-wqmr-ff2q", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T18:31:57Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-99jc-wqmr-ff2q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81243?format=api", "purl": 
"pkg:composer/mantisbt/mantisbt@2.26.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.26.2" } ], "aliases": [ "CVE-2024-34080", "GHSA-99jc-wqmr-ff2q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jpyg-rbg3-rybh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112383?format=api", "vulnerability_id": "VCID-jqsn-z754-57ek", "summary": "MantisBT unauthorized users able to access private files\nAn issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.", "references": [ { "reference_url": "http://github.com/mantisbt/mantisbt/commit/5595c90f11c48164331a20bb9c66098980516e93", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/mantisbt/mantisbt/commit/5595c90f11c48164331a20bb9c66098980516e93" }, { "reference_url": "http://github.com/mantisbt/mantisbt/commit/9de20c09e5a557e57159a61657ce62f1a4f578fe", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://github.com/mantisbt/mantisbt/commit/9de20c09e5a557e57159a61657ce62f1a4f578fe" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49442", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49381", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25781" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=27039", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=27039" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25781", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25781" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150408?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": 
"VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.3" } ], "aliases": [ "CVE-2020-25781", "GHSA-xjmx-cprh-646r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqsn-z754-57ek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46222?format=api", "vulnerability_id": "VCID-jtj9-ccw1-8kd1", "summary": "MantisBT may disclose project names to unauthorized users\nDue to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00491", "scoring_system": "epss", "scoring_elements": "0.65991", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44394" }, { "reference_url": 
"https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/65c44883f9d24f3ccef066fb523c93d8fdd7afc1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T18:58:41Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/65c44883f9d24f3ccef066fb523c93d8fdd7afc1" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=32981", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T18:58:41Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=32981" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44394", "reference_id": "CVE-2023-44394", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44394" }, { "reference_url": "https://github.com/advisories/GHSA-v642-mh27-8j6m", "reference_id": "GHSA-v642-mh27-8j6m", "reference_type": "", "scores": 
[], "url": "https://github.com/advisories/GHSA-v642-mh27-8j6m" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-v642-mh27-8j6m", "reference_id": "GHSA-v642-mh27-8j6m", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T18:58:41Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-v642-mh27-8j6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67377?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.25.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.25.8" } ], "aliases": [ "CVE-2023-44394", "GHSA-v642-mh27-8j6m" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jtj9-ccw1-8kd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42958?format=api", "vulnerability_id": "VCID-kh1w-q4tc-6yhd", "summary": "MantisBT Insufficient Session Expiration cookie string not reset after logout\nAn issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. 
This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-20001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34153", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34053", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-20001" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/79a78c09d5ef5ce098adc73f6f1416f00fc238a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/79a78c09d5ef5ce098adc73f6f1416f00fc238a5" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=11296", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=11296" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=27976", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=27976" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-20001", "reference_id": "CVE-2009-20001", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-20001" }, { "reference_url": "https://github.com/advisories/GHSA-jm72-67rm-763j", "reference_id": "GHSA-jm72-67rm-763j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jm72-67rm-763j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61471?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.24.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.5" } ], "aliases": [ "CVE-2009-20001", "GHSA-jm72-67rm-763j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kh1w-q4tc-6yhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112173?format=api", "vulnerability_id": "VCID-m956-44xf-2qfz", "summary": "MantisBT allows cross-site scripting (XSS) via crafted filename\nThe Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the issue, whenever My View Page is displayed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15074", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.73398", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.73434", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15074" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/9cee1971c498bbe0a72bca1c773fae50171d8c27", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/9cee1971c498bbe0a72bca1c773fae50171d8c27" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=25995", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=25995" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15074", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15074" }, { "reference_url": "https://github.com/advisories/GHSA-gg4j-279j-22ph", "reference_id": "GHSA-gg4j-279j-22ph", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gg4j-279j-22ph" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/155160?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.21.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": 
"VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.21.2" } ], "aliases": [ "CVE-2019-15074", "GHSA-gg4j-279j-22ph" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m956-44xf-2qfz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54779?format=api", "vulnerability_id": "VCID-mubw-sf3f-n3fg", "summary": "Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting\nImproper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when:\n- resolving or closing issues (bug_change_status_page.php) belonging to a project linking said custom field\n- viewing issues (view_all_bug_page.php) when the custom field is displayed as a column\n- printing issues (print_all_bug_page.php) when the custom field is displayed as a column", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53692", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34081" }, { 
"reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T19:02:37Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=34432", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T19:02:37Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=34432" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34081", "reference_id": "CVE-2024-34081", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34081" }, { "reference_url": "https://github.com/advisories/GHSA-wgx7-jp56-65mq", "reference_id": "GHSA-wgx7-jp56-65mq", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wgx7-jp56-65mq" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-wgx7-jp56-65mq", "reference_id": "GHSA-wgx7-jp56-65mq", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T19:02:37Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-wgx7-jp56-65mq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81243?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.26.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.26.2" } ], "aliases": [ "CVE-2024-34081", "GHSA-wgx7-jp56-65mq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mubw-sf3f-n3fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48325?format=api", "vulnerability_id": "VCID-n3nu-aawj-s7af", "summary": "MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling\nDue to an incorrect use of loose (`==`) instead of strict (`===`) comparison in the [authentication code][1], PHP type juggling 
will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation.\n\n[1]: https://github.com/mantisbt/mantisbt/blob/0fb502dd613991e892ed2224ac5ea3e40ba632bc/core/authentication_api.php#L782", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2698", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47776" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/blob/0fb502dd613991e892ed2224ac5ea3e40ba632bc/core/authentication_api.php#L782", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/blob/0fb502dd613991e892ed2224ac5ea3e40ba632bc/core/authentication_api.php#L782" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/966554a19cf1bdbcfbfb3004766979faa748f9a2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-04T20:41:52Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/966554a19cf1bdbcfbfb3004766979faa748f9a2" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=35967", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=35967" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47776", "reference_id": "CVE-2025-47776", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47776" }, { "reference_url": "https://github.com/advisories/GHSA-4v8w-gg5j-ph37", "reference_id": "GHSA-4v8w-gg5j-ph37", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4v8w-gg5j-ph37" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-4v8w-gg5j-ph37", "reference_id": "GHSA-4v8w-gg5j-ph37", "reference_type": "", "scores": 
[ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-04T20:41:52Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-4v8w-gg5j-ph37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71320?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.27.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-843s-1vx7-nueb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.27.2" } ], "aliases": [ "CVE-2025-47776", "GHSA-4v8w-gg5j-ph37" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n3nu-aawj-s7af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111792?format=api", "vulnerability_id": "VCID-qazy-c4se-fyfb", "summary": "MantisBT Insecure Storage in manage_proj_edit_page.php\nIn manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29603", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41482", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41557", "published_at": "2026-06-05T12:55:00Z" } ], 
"url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29603" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/cff10f266f67e2da3060ea4d0b9ecbb29c21b869", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/cff10f266f67e2da3060ea4d0b9ecbb29c21b869" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=27357", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=27357" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=27726", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=27726" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29603", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2020-29603" }, { "reference_url": "https://github.com/advisories/GHSA-qpj5-f88q-x7px", "reference_id": "GHSA-qpj5-f88q-x7px", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qpj5-f88q-x7px" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/152011?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.24.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.4" } ], "aliases": [ "CVE-2020-29603", "GHSA-qpj5-f88q-x7px" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qazy-c4se-fyfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44174?format=api", "vulnerability_id": "VCID-qmgr-sz7u-7kam", "summary": "MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php\nAn XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 
2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2017/08/01/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2017/08/01/1" }, { "reference_url": "http://openwall.com/lists/oss-security/2017/08/01/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2017/08/01/2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.73333", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.73369", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12062" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/9b5b71dadbeeeec27efea59f562ac5bd6d2673b7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/9b5b71dadbeeeec27efea59f562ac5bd6d2673b7" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=23166", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=23166" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12062", "reference_id": "CVE-2017-12062", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12062" }, { "reference_url": "https://github.com/advisories/GHSA-w93w-rx52-24qh", "reference_id": "GHSA-w93w-rx52-24qh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w93w-rx52-24qh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62831?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-516n-s5ts-eyg8" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-6tnt-m23j-pyhv" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { 
"vulnerability": "VCID-dy4y-w8g5-9udt" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-hz9e-tmbf-uydt" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-m956-44xf-2qfz" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-x9k5-hczy-u3cd" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.5.2" } ], "aliases": [ "CVE-2017-12062", "GHSA-w93w-rx52-24qh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmgr-sz7u-7kam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111619?format=api", "vulnerability_id": "VCID-smvy-4xzy-4fbq", "summary": "MantisBT XSS issue on the view_all_bug_page.php\nAn XSS issue was discovered in MantisBT before 2.24.2. 
Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CSP settings allow it).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16266", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50963", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51025", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16266" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/9ef8f23a8119221d010251112b1255630a46d903", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/9ef8f23a8119221d010251112b1255630a46d903" }, { "reference_url": "https://mantisbt.org/blog/archives/mantisbt/665", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/blog/archives/mantisbt/665" }, { "reference_url": 
"https://mantisbt.org/bugs/view.php?id=27056", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=27056" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16266", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16266" }, { "reference_url": "https://github.com/advisories/GHSA-4rrc-5vp6-m3f6", "reference_id": "GHSA-4rrc-5vp6-m3f6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4rrc-5vp6-m3f6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/153171?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.24.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-stgp-f24d-qqdp" 
}, { "vulnerability": "VCID-ubun-zdjr-7uem" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.2" } ], "aliases": [ "CVE-2020-16266", "GHSA-4rrc-5vp6-m3f6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-smvy-4xzy-4fbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110953?format=api", "vulnerability_id": "VCID-stgp-f24d-qqdp", "summary": "MantisBT XSS in manage_custom_field_update.php\nAn issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. 
Depending on CSP settings, this may allow cross-site scripting (XSS).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35571", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52244", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52304", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35571" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/100c3d58c3f6f12b7a6cf97fba473ede521f20db", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/100c3d58c3f6f12b7a6cf97fba473ede521f20db" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=27768", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=27768" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35571", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35571" }, { "reference_url": "https://github.com/advisories/GHSA-cvrm-cr3m-qj92", "reference_id": "GHSA-cvrm-cr3m-qj92", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cvrm-cr3m-qj92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150413?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.25.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.25.0" } ], "aliases": [ "CVE-2020-35571", "GHSA-cvrm-cr3m-qj92" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-stgp-f24d-qqdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110568?format=api", "vulnerability_id": "VCID-uk44-j13d-43ce", "summary": "MantisBT XSS through crafted SVG documents in file_download.php\nAn XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to 
issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-33910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48673", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48734", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-33910" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/266762193fc6c09ffc6b14f5a34c86eae3ebee20", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/266762193fc6c09ffc6b14f5a34c86eae3ebee20" }, { "reference_url": "https://mantisbt.org/blog/archives/mantisbt/719", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/blog/archives/mantisbt/719" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=29135", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=29135" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=30384", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=30384" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33910", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33910" }, { "reference_url": "https://github.com/advisories/GHSA-qghg-v7xv-q98q", "reference_id": "GHSA-qghg-v7xv-q98q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qghg-v7xv-q98q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64053?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.25.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": 
"VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.25.5" } ], "aliases": [ "CVE-2022-33910", "GHSA-qghg-v7xv-q98q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uk44-j13d-43ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42922?format=api", "vulnerability_id": "VCID-uyk7-6syy-m7c3", "summary": "MantisBT CSV Injection unprivileged user access in csv_export.php\nLack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43257", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00724", "scoring_system": "epss", "scoring_elements": "0.72964", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00724", "scoring_system": "epss", "scoring_elements": "0.72927", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43257" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/7f4534c723e3162b8784aebda4836324041dbc3e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": 
"" } ], "url": "https://github.com/mantisbt/mantisbt/commit/7f4534c723e3162b8784aebda4836324041dbc3e" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/99eb8d41cbacc703f88807898dcc9ac55eec0f15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/99eb8d41cbacc703f88807898dcc9ac55eec0f15" }, { "reference_url": "https://www.mantisbt.org/bugs/view.php?id=29130", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mantisbt.org/bugs/view.php?id=29130" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43257", "reference_id": "CVE-2021-43257", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43257" }, { "reference_url": "https://github.com/advisories/GHSA-rg8f-5p7x-m6wv", "reference_id": "GHSA-rg8f-5p7x-m6wv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rg8f-5p7x-m6wv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61382?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.25.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": 
"VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.25.3" } ], "aliases": [ "CVE-2021-43257", "GHSA-rg8f-5p7x-m6wv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uyk7-6syy-m7c3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42919?format=api", "vulnerability_id": "VCID-uzm1-jgsr-ufeg", "summary": "MantisBT vulnerable to XSS due to improper escape in manage_plugin_page.php and manage_plugin_uninstall.php\nAn XSS issue was discovered in MantisBT before 2.25.3. 
Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.67249", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.6729", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26144" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/a7751c3e318011ca1314bc1cfea200d53e0dfff6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/a7751c3e318011ca1314bc1cfea200d53e0dfff6" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=29688", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=29688" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26144", "reference_id": "CVE-2022-26144", "reference_type": "", "scores": [ { 
"value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26144" }, { "reference_url": "https://github.com/advisories/GHSA-rqgj-rqfr-5j6f", "reference_id": "GHSA-rqgj-rqfr-5j6f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rqgj-rqfr-5j6f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61382?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.25.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.25.3" } ], "aliases": [ "CVE-2022-26144", "GHSA-rqgj-rqfr-5j6f" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uzm1-jgsr-ufeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111624?format=api", "vulnerability_id": "VCID-w3u1-um27-1uay", "summary": "MantisBT SQL Injection via mc_project_get_users function\nIn MantisBT 2.24.3, SQL Injection can occur in the parameter \"access\" of the mc_project_get_users function through the SOAP API.", "references": [ { 
"reference_url": "http://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28413", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01737", "scoring_system": "epss", "scoring_elements": "0.82856", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01737", "scoring_system": "epss", "scoring_elements": "0.82829", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28413" }, { "reference_url": "https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/3e37b4041bf76422541836a424ca71bc4a660247", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/3e37b4041bf76422541836a424ca71bc4a660247" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28413", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28413" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49340.py", "reference_id": "CVE-2020-28413", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49340.py" }, { "reference_url": "https://github.com/advisories/GHSA-49w9-82cj-xr48", "reference_id": "GHSA-49w9-82cj-xr48", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-49w9-82cj-xr48" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/152011?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.24.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { 
"vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.4" } ], "aliases": [ "CVE-2020-28413", "GHSA-49w9-82cj-xr48" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w3u1-um27-1uay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44042?format=api", "vulnerability_id": "VCID-x9k5-hczy-u3cd", "summary": "MantisBT allows XSS via View Filters page\nA cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.", "references": [ { "reference_url": "http://github.com/mantisbt/mantisbt/commit/4efac90ed89a5c009108b641e2e95683791a165a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/mantisbt/mantisbt/commit/4efac90ed89a5c009108b641e2e95683791a165a" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13055", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57725", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57674", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13055" }, { "reference_url": 
"https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://mantisbt.org/blog/archives/mantisbt/602", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/blog/archives/mantisbt/602" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=24580", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=24580" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13055", "reference_id": "CVE-2018-13055", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13055" }, { "reference_url": "https://github.com/advisories/GHSA-mjp7-97w4-jwhc", "reference_id": "GHSA-mjp7-97w4-jwhc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mjp7-97w4-jwhc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63083?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": 
"VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-516n-s5ts-eyg8" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-6tnt-m23j-pyhv" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-hz9e-tmbf-uydt" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-m956-44xf-2qfz" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.15.1" } ], "aliases": [ "CVE-2018-13055", "GHSA-mjp7-97w4-jwhc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9k5-hczy-u3cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111035?format=api", "vulnerability_id": "VCID-xz9f-ksj8-3bhk", "summary": "MantisBT vulnerable to CSRF and Open Redirect attacks\nMantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in 
string_api.php and consequently has conflicting interpretations of an initial \\/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.", "references": [ { "reference_url": "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7620", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.5578", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7620" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/2d2309a384bcd9d4b6d7d2928e8ded2c46d2d7b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/mantisbt/mantisbt/commit/2d2309a384bcd9d4b6d7d2928e8ded2c46d2d7b0" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/8b6787c8d321ee0ced5fb74ac3f34b67b4b7b26c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/8b6787c8d321ee0ced5fb74ac3f34b67b4b7b26c" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/c4f50e5df6b189abb1d717a5f7dbab5cbfef8165", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/c4f50e5df6b189abb1d717a5f7dbab5cbfef8165" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=22702", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=22702" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=22816", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=22816" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7620", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7620" }, { "reference_url": "https://www.exploit-db.com/exploits/42043", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/42043" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/42043.txt", "reference_id": "CVE-2017-7620", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/42043.txt" }, { "reference_url": "https://github.com/advisories/GHSA-9x76-mp7r-2xc5", "reference_id": "GHSA-9x76-mp7r-2xc5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9x76-mp7r-2xc5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150795?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-516n-s5ts-eyg8" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-6tnt-m23j-pyhv" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-dy4y-w8g5-9udt" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-gnd3-529f-ube6" }, { "vulnerability": 
"VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-hz9e-tmbf-uydt" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-m956-44xf-2qfz" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-qmgr-sz7u-7kam" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-x9k5-hczy-u3cd" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/150796?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-516n-s5ts-eyg8" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-6tnt-m23j-pyhv" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-dy4y-w8g5-9udt" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-gnd3-529f-ube6" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-hz9e-tmbf-uydt" }, { "vulnerability": 
"VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-m956-44xf-2qfz" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-qmgr-sz7u-7kam" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-x9k5-hczy-u3cd" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.4.1" } ], "aliases": [ "CVE-2017-7620", "GHSA-9x76-mp7r-2xc5" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xz9f-ksj8-3bhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111224?format=api", "vulnerability_id": "VCID-y7ms-qz8n-3ugn", "summary": "MantisBT allows XSS in manage_custom_field_edit_page.php\nAn XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. 
Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33557", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0093", "scoring_system": "epss", "scoring_elements": "0.76475", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0093", "scoring_system": "epss", "scoring_elements": "0.76504", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33557" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/03dd37221e636f8959b8cb9fbad84f38f9582356", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/03dd37221e636f8959b8cb9fbad84f38f9582356" }, { "reference_url": "https://mantisbt.org/blog/archives/mantisbt/699", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/blog/archives/mantisbt/699" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=28552", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=28552" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33557", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33557" }, { "reference_url": "https://github.com/advisories/GHSA-52cx-vphc-jmjm", "reference_id": "GHSA-52cx-vphc-jmjm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-52cx-vphc-jmjm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61979?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.25.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.25.2" } ], "aliases": [ "CVE-2021-33557", "GHSA-52cx-vphc-jmjm" ], "risk_score": null, "exploitability": null, 
"weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y7ms-qz8n-3ugn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44522?format=api", "vulnerability_id": "VCID-ybzq-wt16-3bc2", "summary": "MantisBT may expose private issues' summaries to unauthorized users\nMantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42019", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42093", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22476" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=31086", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=31086" }, { "reference_url": 
"https://github.com/advisories/GHSA-hf4x-6h87-hm79", "reference_id": "GHSA-hf4x-6h87-hm79", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hf4x-6h87-hm79" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-hf4x-6h87-hm79", "reference_id": "GHSA-hf4x-6h87-hm79", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:04Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-hf4x-6h87-hm79" }, { "reference_url": "https://www.mantisbt.org/bugs/view.php?id=31086", "reference_id": "view.php?id=31086", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:04Z/" } ], "url": "https://www.mantisbt.org/bugs/view.php?id=31086" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64054?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.25.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.25.6" } ], "aliases": [ "CVE-2023-22476", "GHSA-hf4x-6h87-hm79" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ybzq-wt16-3bc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48326?format=api", "vulnerability_id": "VCID-yhf6-qthy-nqb2", "summary": "MantisBT unauthorized disclosure of private project column configuration\nDue to insufficient access-level checks, any non-admin user having access to _manage_config_columns_page.php_ (typically project managers having MANAGER role) can use the _Copy From_ action to retrieve the columns configuration from a private project they have no access to.\n\nAccess to the reverse operation (_Copy To_) is correctly controlled, i.e. it is not possible to alter the private project's configuration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62520", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14158", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62520" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/4fe94f45fa2baea2aeb4b65781d2009e7b4a0bf3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:44:26Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/4fe94f45fa2baea2aeb4b65781d2009e7b4a0bf3" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=36502", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:44:26Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=36502" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62520", "reference_id": "CVE-2025-62520", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62520" }, { "reference_url": "https://github.com/advisories/GHSA-g582-8vwr-68h2", "reference_id": "GHSA-g582-8vwr-68h2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g582-8vwr-68h2" }, { 
"reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-g582-8vwr-68h2", "reference_id": "GHSA-g582-8vwr-68h2", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:44:26Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-g582-8vwr-68h2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71320?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.27.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-843s-1vx7-nueb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.27.2" } ], "aliases": [ "CVE-2025-62520", "GHSA-g582-8vwr-68h2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yhf6-qthy-nqb2" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111032?format=api", "vulnerability_id": "VCID-cryg-7p4f-xyhh", "summary": "MantisBT XSS via my_view_page.php and view_user_page.php\nA cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.", "references": [ { 
"reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48703", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48642", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7897" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/a1c719313d61b07bbe8700005807b8195fdc32f1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/a1c719313d61b07bbe8700005807b8195fdc32f1" }, { "reference_url": "https://github.com/mantisbt/mantisbt/pull/1094", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/pull/1094" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7897", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7897" }, { "reference_url": "http://www.mantisbt.org/bugs/view.php?id=22742", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mantisbt.org/bugs/view.php?id=22742" }, { "reference_url": "https://github.com/advisories/GHSA-8r2m-qhff-jm2c", "reference_id": "GHSA-8r2m-qhff-jm2c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8r2m-qhff-jm2c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150792?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-516n-s5ts-eyg8" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-6tnt-m23j-pyhv" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-dy4y-w8g5-9udt" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-gnd3-529f-ube6" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-hz9e-tmbf-uydt" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-m956-44xf-2qfz" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { 
"vulnerability": "VCID-qmgr-sz7u-7kam" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-x9k5-hczy-u3cd" }, { "vulnerability": "VCID-xz9f-ksj8-3bhk" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.3.2" } ], "aliases": [ "CVE-2017-7897", "GHSA-8r2m-qhff-jm2c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cryg-7p4f-xyhh" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.3.2" }