Package Instance
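Look up vulnerable packages by Package URL (purl). In the response below, a version listed under fixed_packages fixes only the vulnerability it is attached to and can itself be flagged "is_vulnerable": true, so check next_non_vulnerable_version when choosing an upgrade target.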
GET /api/packages/64053?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/64053?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.25.5", "type": "composer", "namespace": "mantisbt", "name": "mantisbt", "version": "2.25.5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.28.2", "latest_non_vulnerable_version": "2.28.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54783?format=api", "vulnerability_id": "VCID-1n7b-6pyz-cka5", "summary": "Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process\nInsufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending.\n\nThe exploit is only possible while the verification token is valid, i.e for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password.\n\nA brute-force attack calling account_update.php with increasing user IDs is possible.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45324", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34077" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:51:24Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=34433", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:51:24Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=34433" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34077", "reference_id": "CVE-2024-34077", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34077" }, { "reference_url": "https://github.com/advisories/GHSA-93x3-m7pw-ppqm", "reference_id": "GHSA-93x3-m7pw-ppqm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-93x3-m7pw-ppqm" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-93x3-m7pw-ppqm", "reference_id": "GHSA-93x3-m7pw-ppqm", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": 
"HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:51:24Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-93x3-m7pw-ppqm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81243?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.26.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.26.2" } ], "aliases": [ "CVE-2024-34077", "GHSA-93x3-m7pw-ppqm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1n7b-6pyz-cka5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91349?format=api", "vulnerability_id": "VCID-843s-1vx7-nueb", "summary": "MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL\nMantis Bug Tracker instances running on MySQL and compatible databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of improper type checking on the password parameter.\n\nOther database backends are not affected, as they do not perform implicit type conversion from string to integer.\n\n### Impact\nUsing a crafted SOAP envelope, an attacker knowing the victim's username is able to login to the SOAP API with their account without knowledge of the actual password, and execute any API function they have access to.\n\n### Patches\n* b349e5c890eeda9bd82e7c7e14479853f8a30d9f\n\n### Workarounds\n- [Disabling the SOAP 
API](https://mantisbt.org/docs/master/en-US/Admin_Guide/html-desktop/#admin.config.api.disable) significantly reduces the risk, but still allows the attacker to retrieve user account information including email address and real name.\n\n### Resources\n- https://mantisbt.org/bugs/view.php?id=36902\n\n### Credits\nMantisBT thanks Alexander Philiotis of SynerComm for discovering and responsibly reporting the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33855", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30849" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/b349e5c890eeda9bd82e7c7e14479853f8a30d9f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:29:55Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/b349e5c890eeda9bd82e7c7e14479853f8a30d9f" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-phrq-pc6r-f6gh", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:29:55Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-phrq-pc6r-f6gh" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30849", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30849" }, { "reference_url": "https://github.com/advisories/GHSA-phrq-pc6r-f6gh", "reference_id": "GHSA-phrq-pc6r-f6gh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-phrq-pc6r-f6gh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113501?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-tndh-byw2-xbh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.1" } ], "aliases": [ "CVE-2026-30849", "GHSA-phrq-pc6r-f6gh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-843s-1vx7-nueb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55908?format=api", "vulnerability_id": "VCID-8676-5hmd-s3hm", "summary": "MantisBT vulnerable to information disclosure with user profiles\nUsing a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45792", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71606", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45792" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/56bbd02dc1fb33a8de5898fd17dc3d698c847f55", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/56bbd02dc1fb33a8de5898fd17dc3d698c847f55" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/ef0f820284032350cc20a39ff9cb2010d5463b41", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:31:35Z/" } ], "url": 
"https://github.com/mantisbt/mantisbt/commit/ef0f820284032350cc20a39ff9cb2010d5463b41" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=34640", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:31:35Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=34640" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45792", "reference_id": "CVE-2024-45792", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45792" }, { "reference_url": "https://github.com/advisories/GHSA-h5q3-fjp4-2x7r", "reference_id": "GHSA-h5q3-fjp4-2x7r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h5q3-fjp4-2x7r" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h5q3-fjp4-2x7r", "reference_id": "GHSA-h5q3-fjp4-2x7r", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:31:35Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h5q3-fjp4-2x7r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82810?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.26.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.26.4" } ], "aliases": [ "CVE-2024-45792", "GHSA-h5q3-fjp4-2x7r" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8676-5hmd-s3hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48327?format=api", "vulnerability_id": "VCID-8wux-1k2d-sbam", "summary": "MantisBT lacks verification when changing a user's email address\nWhen a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07861", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55155" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/21e9fbedde8553c29c0d3156e84f78157fc4f22e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:03:02Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/21e9fbedde8553c29c0d3156e84f78157fc4f22e" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=36005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:03:02Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=36005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55155", "reference_id": "CVE-2025-55155", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55155" }, { "reference_url": "https://github.com/advisories/GHSA-q747-c74m-69pr", "reference_id": "GHSA-q747-c74m-69pr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q747-c74m-69pr" }, { 
"reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-q747-c74m-69pr", "reference_id": "GHSA-q747-c74m-69pr", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:03:02Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-q747-c74m-69pr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71320?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.27.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-843s-1vx7-nueb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.27.2" } ], "aliases": [ "CVE-2025-55155", "GHSA-q747-c74m-69pr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8wux-1k2d-sbam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48324?format=api", "vulnerability_id": "VCID-d3yt-mkwe-33hu", "summary": "MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length\nA lack of server-side validation for note length in MantisBT allows attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters). 
Once such a note is added:", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20074", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46556" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T20:44:31Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/d5cec6bffb44d54bd412c186b9baa409b1aa4238", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T20:44:31Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/d5cec6bffb44d54bd412c186b9baa409b1aa4238" }, { "reference_url": 
"https://github.com/mantisbt/mantisbt/commit/e9119c68b4a0eaa0bbde3deb121e81f5f7157361", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T20:44:31Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/e9119c68b4a0eaa0bbde3deb121e81f5f7157361" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46556", "reference_id": "CVE-2025-46556", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46556" }, { "reference_url": "https://github.com/advisories/GHSA-r3jf-hm7q-qfw5", "reference_id": "GHSA-r3jf-hm7q-qfw5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r3jf-hm7q-qfw5" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5", "reference_id": "GHSA-r3jf-hm7q-qfw5", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T20:44:31Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/71320?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.27.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-843s-1vx7-nueb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.27.2" } ], "aliases": [ "CVE-2025-46556", "GHSA-r3jf-hm7q-qfw5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3yt-mkwe-33hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47044?format=api", "vulnerability_id": "VCID-ed8g-bc8k-dkgq", "summary": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\nMantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. 
As a workaround, define `$g_path` as appropriate in `config_inc.php`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01732", "scoring_system": "epss", "scoring_elements": "0.82832", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23830" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/7055731d09ff12b2781410a372f790172e279744", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T16:05:28Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/7055731d09ff12b2781410a372f790172e279744" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=19381", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T16:05:28Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=19381" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23830", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23830" }, { "reference_url": "https://github.com/advisories/GHSA-mcqj-7p29-9528", "reference_id": "GHSA-mcqj-7p29-9528", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mcqj-7p29-9528" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-mcqj-7p29-9528", "reference_id": "GHSA-mcqj-7p29-9528", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T16:05:28Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-mcqj-7p29-9528" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69016?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.26.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.26.1" } ], "aliases": [ "CVE-2024-23830", "GHSA-mcqj-7p29-9528" ], "risk_score": null, 
"exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ed8g-bc8k-dkgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54776?format=api", "vulnerability_id": "VCID-jpyg-rbg3-rybh", "summary": "MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor\nIf an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52533", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34080" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/0a50562369d823689c9b946066d1e49d3c2df226", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T18:31:57Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/0a50562369d823689c9b946066d1e49d3c2df226" }, { "reference_url": "https://github.com/mantisbt/mantisbt/pull/2000", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T18:31:57Z/" } ], "url": "https://github.com/mantisbt/mantisbt/pull/2000" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=34434", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T18:31:57Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=34434" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34080", "reference_id": "CVE-2024-34080", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34080" }, { "reference_url": "https://github.com/advisories/GHSA-99jc-wqmr-ff2q", "reference_id": "GHSA-99jc-wqmr-ff2q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-99jc-wqmr-ff2q" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-99jc-wqmr-ff2q", "reference_id": "GHSA-99jc-wqmr-ff2q", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", 
"scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T18:31:57Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-99jc-wqmr-ff2q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81243?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.26.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.26.2" } ], "aliases": [ "CVE-2024-34080", "GHSA-99jc-wqmr-ff2q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jpyg-rbg3-rybh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46222?format=api", "vulnerability_id": "VCID-jtj9-ccw1-8kd1", "summary": "MantisBT may disclose project names to unauthorized users\nDue to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00491", "scoring_system": "epss", "scoring_elements": "0.65991", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44394" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/65c44883f9d24f3ccef066fb523c93d8fdd7afc1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T18:58:41Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/65c44883f9d24f3ccef066fb523c93d8fdd7afc1" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=32981", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T18:58:41Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=32981" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44394", "reference_id": "CVE-2023-44394", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44394" }, { "reference_url": "https://github.com/advisories/GHSA-v642-mh27-8j6m", "reference_id": "GHSA-v642-mh27-8j6m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v642-mh27-8j6m" }, { "reference_url": 
"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-v642-mh27-8j6m", "reference_id": "GHSA-v642-mh27-8j6m", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T18:58:41Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-v642-mh27-8j6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67377?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.25.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.25.8" } ], "aliases": [ "CVE-2023-44394", "GHSA-v642-mh27-8j6m" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jtj9-ccw1-8kd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54779?format=api", "vulnerability_id": "VCID-mubw-sf3f-n3fg", "summary": "Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting\nImproper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when:\n- resolving or closing issues (bug_change_status_page.php) belonging to a project linking said custom 
field\n- viewing issues (view_all_bug_page.php) when the custom field is displayed as a column\n- printing issues (print_all_bug_page.php) when the custom field is displayed as a column", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53692", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34081" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T19:02:37Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=34432", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T19:02:37Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=34432" }, { 
"reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34081", "reference_id": "CVE-2024-34081", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34081" }, { "reference_url": "https://github.com/advisories/GHSA-wgx7-jp56-65mq", "reference_id": "GHSA-wgx7-jp56-65mq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wgx7-jp56-65mq" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-wgx7-jp56-65mq", "reference_id": "GHSA-wgx7-jp56-65mq", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T19:02:37Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-wgx7-jp56-65mq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81243?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.26.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.26.2" } ], "aliases": [ "CVE-2024-34081", "GHSA-wgx7-jp56-65mq" ], 
"risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mubw-sf3f-n3fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48325?format=api", "vulnerability_id": "VCID-n3nu-aawj-s7af", "summary": "MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling\nDue to an incorrect use of loose (`==`) instead of strict (`===`) comparison in the [authentication code][1], PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation.\n\n[1]: https://github.com/mantisbt/mantisbt/blob/0fb502dd613991e892ed2224ac5ea3e40ba632bc/core/authentication_api.php#L782", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2698", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47776" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/blob/0fb502dd613991e892ed2224ac5ea3e40ba632bc/core/authentication_api.php#L782", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/blob/0fb502dd613991e892ed2224ac5ea3e40ba632bc/core/authentication_api.php#L782" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/966554a19cf1bdbcfbfb3004766979faa748f9a2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-04T20:41:52Z/" } ], "url": "https://github.com/mantisbt/mantisbt/commit/966554a19cf1bdbcfbfb3004766979faa748f9a2" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=35967", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=35967" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47776", "reference_id": "CVE-2025-47776", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-47776" }, { "reference_url": "https://github.com/advisories/GHSA-4v8w-gg5j-ph37", "reference_id": "GHSA-4v8w-gg5j-ph37", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4v8w-gg5j-ph37" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-4v8w-gg5j-ph37", "reference_id": "GHSA-4v8w-gg5j-ph37", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-04T20:41:52Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-4v8w-gg5j-ph37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71320?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.27.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-843s-1vx7-nueb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.27.2" } ], "aliases": [ "CVE-2025-47776", "GHSA-4v8w-gg5j-ph37" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n3nu-aawj-s7af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44522?format=api", "vulnerability_id": "VCID-ybzq-wt16-3bc2", "summary": "MantisBT may expose private issues' summaries to unauthorized users\nMantis Bug Tracker (MantisBT) is an open source issue tracker. 
In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42019", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42093", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22476" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=31086", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=31086" }, { "reference_url": "https://github.com/advisories/GHSA-hf4x-6h87-hm79", "reference_id": "GHSA-hf4x-6h87-hm79", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hf4x-6h87-hm79" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-hf4x-6h87-hm79", "reference_id": "GHSA-hf4x-6h87-hm79", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:04Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-hf4x-6h87-hm79" }, { "reference_url": "https://www.mantisbt.org/bugs/view.php?id=31086", "reference_id": "view.php?id=31086", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:04Z/" } ], "url": "https://www.mantisbt.org/bugs/view.php?id=31086" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64054?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.25.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.25.6" } ], "aliases": [ "CVE-2023-22476", "GHSA-hf4x-6h87-hm79" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ybzq-wt16-3bc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48326?format=api", "vulnerability_id": "VCID-yhf6-qthy-nqb2", "summary": "MantisBT 
unauthorized disclosure of private project column configuration\nDue to insufficient access-level checks, any non-admin user having access to _manage_config_columns_page.php_ (typically project managers having MANAGER role) can use the _Copy From_ action to retrieve the columns configuration from a private project they have no access to.\n\nAccess to the reverse operation (_Copy To_) is correctly controlled, i.e. it is not possible to alter the private project's configuration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62520", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14158", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62520" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/4fe94f45fa2baea2aeb4b65781d2009e7b4a0bf3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:44:26Z/" } ], "url": 
"https://github.com/mantisbt/mantisbt/commit/4fe94f45fa2baea2aeb4b65781d2009e7b4a0bf3" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=36502", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:44:26Z/" } ], "url": "https://mantisbt.org/bugs/view.php?id=36502" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62520", "reference_id": "CVE-2025-62520", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62520" }, { "reference_url": "https://github.com/advisories/GHSA-g582-8vwr-68h2", "reference_id": "GHSA-g582-8vwr-68h2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g582-8vwr-68h2" }, { "reference_url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-g582-8vwr-68h2", "reference_id": "GHSA-g582-8vwr-68h2", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:44:26Z/" } ], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-g582-8vwr-68h2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71320?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.27.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-843s-1vx7-nueb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.27.2" } ], "aliases": [ "CVE-2025-62520", "GHSA-g582-8vwr-68h2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yhf6-qthy-nqb2" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110568?format=api", "vulnerability_id": "VCID-uk44-j13d-43ce", "summary": "MantisBT XSS through crafted SVG documents in file_download.php\nAn XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. 
When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-33910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48673", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48734", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-33910" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://github.com/mantisbt/mantisbt/commit/266762193fc6c09ffc6b14f5a34c86eae3ebee20", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt/commit/266762193fc6c09ffc6b14f5a34c86eae3ebee20" }, { "reference_url": "https://mantisbt.org/blog/archives/mantisbt/719", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/blog/archives/mantisbt/719" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=29135", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=29135" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=30384", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=30384" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33910", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33910" }, { "reference_url": "https://github.com/advisories/GHSA-qghg-v7xv-q98q", "reference_id": "GHSA-qghg-v7xv-q98q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qghg-v7xv-q98q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64053?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.25.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n7b-6pyz-cka5" }, { "vulnerability": "VCID-843s-1vx7-nueb" }, { "vulnerability": "VCID-8676-5hmd-s3hm" }, { "vulnerability": "VCID-8wux-1k2d-sbam" }, { "vulnerability": "VCID-d3yt-mkwe-33hu" }, { "vulnerability": "VCID-ed8g-bc8k-dkgq" }, { "vulnerability": "VCID-jpyg-rbg3-rybh" }, { "vulnerability": "VCID-jtj9-ccw1-8kd1" }, { "vulnerability": "VCID-mubw-sf3f-n3fg" }, { "vulnerability": "VCID-n3nu-aawj-s7af" }, { "vulnerability": "VCID-ybzq-wt16-3bc2" }, 
{ "vulnerability": "VCID-yhf6-qthy-nqb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.25.5" } ], "aliases": [ "CVE-2022-33910", "GHSA-qghg-v7xv-q98q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uk44-j13d-43ce" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.25.5" }