Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62700?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62700?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.0.0", "type": "composer", "namespace": "mantisbt", "name": "mantisbt", "version": "2.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.28.2", "latest_non_vulnerable_version": "2.28.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112321?format=api", "vulnerability_id": "VCID-1v33-u5bm-pyem", "summary": "MantisBT Remote Code Execution\nMantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.2133", "scoring_system": "epss", "scoring_elements": "0.95805", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.2133", "scoring_system": "epss", "scoring_elements": "0.95803", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.2133", "scoring_system": "epss", "scoring_elements": "0.95799", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.2133", "scoring_system": "epss", "scoring_elements": "0.95795", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15715" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/5fb979604d88c630343b3eaf2b435cd41918c501", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/5fb979604d88c630343b3eaf2b435cd41918c501" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/7092573fac31eff41823f13540324db167c8bd52", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/7092573fac31eff41823f13540324db167c8bd52" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/cebfb9acb3686e8904d80bd4bc80720b54ba08e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/cebfb9acb3686e8904d80bd4bc80720b54ba08e5" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/fc7668c8e45db55fc3a4b991ea99d2b80861a14c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/fc7668c8e45db55fc3a4b991ea99d2b80861a14c" }, { "reference_url": "https://mantisbt.org/bugs/changelog_page.php?project=mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/changelog_page.php?project=mantisbt" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=26091", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=26091" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=26162", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=26162" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15715", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15715" }, { "reference_url": "https://github.com/advisories/GHSA-v23g-wjvq-2fpf", "reference_id": "GHSA-v23g-wjvq-2fpf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v23g-wjvq-2fpf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/155615?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.22.1" } ], "aliases": [ "CVE-2019-15715", "GHSA-v23g-wjvq-2fpf" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1v33-u5bm-pyem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111076?format=api", "vulnerability_id": "VCID-7rw5-pdgb-nqhd", "summary": "MantisBT XSS via adm_config_report.php's action parameter\nA cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70581", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70599", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.7059", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70548", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6973" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/034cd07b47af37366fc7b726cb4a4f971d3d3fb9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/034cd07b47af37366fc7b726cb4a4f971d3d3fb9" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/15e52e84c389afe8b03ed3cdb59b6549257ed197", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/15e52e84c389afe8b03ed3cdb59b6549257ed197" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/da74c5aa02bcf21cfaab1180f892c22415e5fea6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/da74c5aa02bcf21cfaab1180f892c22415e5fea6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6973", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6973" }, { "reference_url": "http://www.mantisbt.org/bugs/view.php?id=22537", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mantisbt.org/bugs/view.php?id=22537" }, { "reference_url": "https://github.com/advisories/GHSA-v7qf-22rw-chph", "reference_id": "GHSA-v7qf-22rw-chph", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v7qf-22rw-chph" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151098?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/151099?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.2.2" } ], "aliases": [ "CVE-2017-6973", "GHSA-v7qf-22rw-chph" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7rw5-pdgb-nqhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43899?format=api", "vulnerability_id": "VCID-dy4y-w8g5-9udt", "summary": "MantisBT allows XSS on the Edit Filter page via crafted filter name\nAn issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar\" onclick=\"alert(1)').", "references": [ { "reference_url": "http://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.6557", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65559", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65507", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14504" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://mantisbt.org/blog/archives/mantisbt/602", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/blog/archives/mantisbt/602" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=24608", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=24608" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14504", "reference_id": "CVE-2018-14504", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14504" }, { "reference_url": "https://github.com/advisories/GHSA-74gh-5j33-vg4w", "reference_id": "GHSA-74gh-5j33-vg4w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-74gh-5j33-vg4w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63083?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-516n-s5ts-eyg8" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-6tnt-m23j-pyhv" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-hz9e-tmbf-uydt" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-m956-44xf-2qfz" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.15.1" } ], "aliases": [ "CVE-2018-14504", "GHSA-74gh-5j33-vg4w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dy4y-w8g5-9udt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43675?format=api", "vulnerability_id": "VCID-f6up-847f-duef", "summary": "MantisBT allows arbitrary password reset\nMantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.", "references": [ { "reference_url": "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt" }, { "reference_url": "http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7615", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92451", "scoring_system": "epss", "scoring_elements": "0.99747", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.92451", "scoring_system": "epss", "scoring_elements": "0.99746", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7615" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=22690", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=22690" }, { "reference_url": "https://www.exploit-db.com/exploits/41890", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/41890" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/04/16/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2017/04/16/2" }, { "reference_url": "http://www.securityfocus.com/bid/97707", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/97707" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/41890.txt", "reference_id": "CVE-2017-7615", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/41890.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7615", "reference_id": "CVE-2017-7615", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7615" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/48818.py", "reference_id": "CVE-2019-15715;CVE-2017-7615", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/48818.py" }, { "reference_url": "https://github.com/advisories/GHSA-252r-f55f-ff34", "reference_id": "GHSA-252r-f55f-ff34", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-252r-f55f-ff34" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62703?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.2.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/62704?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-516n-s5ts-eyg8" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-6tnt-m23j-pyhv" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-cryg-7p4f-xyhh" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-dy4y-w8g5-9udt" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-gnd3-529f-ube6" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-hz9e-tmbf-uydt" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-m956-44xf-2qfz" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-qmgr-sz7u-7kam" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-x9k5-hczy-u3cd" }, { "vulnerability": "VCID-xz9f-ksj8-3bhk" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.3.1" } ], "aliases": [ "CVE-2017-7615", "GHSA-252r-f55f-ff34" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f6up-847f-duef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43766?format=api", "vulnerability_id": "VCID-gnd3-529f-ube6", "summary": "MantisBT XSS allows unsanitized input via admin/install.php\nAn XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2017/08/01/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2017/08/01/1" }, { "reference_url": "http://openwall.com/lists/oss-security/2017/08/01/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2017/08/01/2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.77732", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.77742", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.77735", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.77708", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12061" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=23146", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=23146" }, { "reference_url": "https://web.archive.org/web/20170811053146/http://www.securitytracker.com/id/1039030", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170811053146/http://www.securitytracker.com/id/1039030" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12061", "reference_id": "CVE-2017-12061", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12061" }, { "reference_url": "https://github.com/advisories/GHSA-98xr-mmq5-vc5h", "reference_id": "GHSA-98xr-mmq5-vc5h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98xr-mmq5-vc5h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62831?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-516n-s5ts-eyg8" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-6tnt-m23j-pyhv" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-dy4y-w8g5-9udt" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-hz9e-tmbf-uydt" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-m956-44xf-2qfz" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-x9k5-hczy-u3cd" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.5.2" } ], "aliases": [ "CVE-2017-12061", "GHSA-98xr-mmq5-vc5h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gnd3-529f-ube6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111504?format=api", "vulnerability_id": "VCID-m7ur-m19k-vba4", "summary": "MantisBT XSS via move_attachments_page.php\nA cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools directory is removed, as recommended in the \"Post-installation and upgrade tasks\" of the MantisBT Admin Guide. A reminder to do so is also displayed on the login page.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7241", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74473", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74499", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.7451", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74505", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7241" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/2d55c6476e939db021128b3995c28dcae05b09a4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/2d55c6476e939db021128b3995c28dcae05b09a4" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/d31841c806a3c8379fcf6c9d9559451270b0f1cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/d31841c806a3c8379fcf6c9d9559451270b0f1cb" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/ecef0e9b523a460709e8feedfce72f05bb30b992", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/ecef0e9b523a460709e8feedfce72f05bb30b992" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7241", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7241" }, { "reference_url": "http://www.mantisbt.org/bugs/view.php?id=22568", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mantisbt.org/bugs/view.php?id=22568" }, { "reference_url": "https://github.com/advisories/GHSA-x53v-v9xp-gf6g", "reference_id": "GHSA-x53v-v9xp-gf6g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x53v-v9xp-gf6g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63417?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/63418?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.2.3" } ], "aliases": [ "CVE-2017-7241", "GHSA-x53v-v9xp-gf6g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7ur-m19k-vba4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44174?format=api", "vulnerability_id": "VCID-qmgr-sz7u-7kam", "summary": "MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php\nAn XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2017/08/01/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2017/08/01/1" }, { "reference_url": "http://openwall.com/lists/oss-security/2017/08/01/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2017/08/01/2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.7336", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.73333", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.73369", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.73375", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12062" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/9b5b71dadbeeeec27efea59f562ac5bd6d2673b7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/9b5b71dadbeeeec27efea59f562ac5bd6d2673b7" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=23166", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=23166" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12062", "reference_id": "CVE-2017-12062", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12062" }, { "reference_url": "https://github.com/advisories/GHSA-w93w-rx52-24qh", "reference_id": "GHSA-w93w-rx52-24qh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w93w-rx52-24qh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62831?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-516n-s5ts-eyg8" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-6tnt-m23j-pyhv" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-dy4y-w8g5-9udt" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-hz9e-tmbf-uydt" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-m956-44xf-2qfz" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-x9k5-hczy-u3cd" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.5.2" } ], "aliases": [ "CVE-2017-12062", "GHSA-w93w-rx52-24qh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmgr-sz7u-7kam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111035?format=api", "vulnerability_id": "VCID-xz9f-ksj8-3bhk", "summary": "MantisBT vulnerable to CSRF and Open Redirect attacks\nMantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \\/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.", "references": [ { "reference_url": "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7620", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55843", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.5578", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.5583", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7620" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/2d2309a384bcd9d4b6d7d2928e8ded2c46d2d7b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/2d2309a384bcd9d4b6d7d2928e8ded2c46d2d7b0" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/8b6787c8d321ee0ced5fb74ac3f34b67b4b7b26c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/8b6787c8d321ee0ced5fb74ac3f34b67b4b7b26c" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/c4f50e5df6b189abb1d717a5f7dbab5cbfef8165", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/c4f50e5df6b189abb1d717a5f7dbab5cbfef8165" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=22702", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=22702" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=22816", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=22816" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7620", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7620" }, { "reference_url": "https://www.exploit-db.com/exploits/42043", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/42043" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/42043.txt", "reference_id": "CVE-2017-7620", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/42043.txt" }, { "reference_url": "https://github.com/advisories/GHSA-9x76-mp7r-2xc5", "reference_id": "GHSA-9x76-mp7r-2xc5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9x76-mp7r-2xc5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150795?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-516n-s5ts-eyg8" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-6tnt-m23j-pyhv" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-dy4y-w8g5-9udt" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-gnd3-529f-ube6" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-hz9e-tmbf-uydt" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-m956-44xf-2qfz" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-qmgr-sz7u-7kam" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-x9k5-hczy-u3cd" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/150796?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-1nq1-6hwz-7kcq" }, { "vulnerability": "VCID-1v33-u5bm-pyem" }, { "vulnerability": "VCID-516n-s5ts-eyg8" }, { "vulnerability": "VCID-5mtg-nbrw-jyhp" }, { "vulnerability": "VCID-6tnt-m23j-pyhv" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8cnw-f9a5-aygc" }, { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-dy4y-w8g5-9udt" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-fwyx-hjd4-b7hh" }, { "vulnerability": "VCID-gnd3-529f-ube6" }, { "vulnerability": "VCID-hxaw-gp24-9kfv" }, { "vulnerability": "VCID-hz9e-tmbf-uydt" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jqsn-z754-57ek" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-kh1w-q4tc-6yhd" }, { "vulnerability": "VCID-m956-44xf-2qfz" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-qazy-c4se-fyfb" }, { "vulnerability": "VCID-qmgr-sz7u-7kam" }, { "vulnerability": "VCID-smvy-4xzy-4fbq" }, { "vulnerability": "VCID-stgp-f24d-qqdp" }, { "vulnerability": "VCID-uk44-j13d-43ce" }, { "vulnerability": "VCID-uyk7-6syy-m7c3" }, { "vulnerability": "VCID-uzm1-jgsr-ufeg" }, { "vulnerability": "VCID-w3u1-um27-1uay" }, { "vulnerability": "VCID-x9k5-hczy-u3cd" }, { "vulnerability": "VCID-y7ms-qz8n-3ugn" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.4.1" } ], "aliases": [ "CVE-2017-7620", "GHSA-9x76-mp7r-2xc5" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xz9f-ksj8-3bhk" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.0.0" }