Lookup for vulnerable packages by Package URL.

Purl pkg:composer/mantisbt/mantisbt@2.27.1
Type composer
Namespace mantisbt
Name mantisbt
Version 2.27.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.28.2
Latest_non_vulnerable_version 2.28.2
Affected_by_vulnerabilities
0
url VCID-843s-1vx7-nueb
vulnerability_id VCID-843s-1vx7-nueb
summary
MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL
Mantis Bug Tracker instances running on MySQL and compatible databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of improper type checking on the password parameter.

Other database backends are not affected, as they do not perform implicit type conversion from string to integer.

### Impact
Using a crafted SOAP envelope, an attacker who knows the victim's username can log in to the SOAP API with the victim's account without knowing the actual password, and execute any API function the victim has access to.

### Patches
* b349e5c890eeda9bd82e7c7e14479853f8a30d9f

### Workarounds
- [Disabling the SOAP API](https://mantisbt.org/docs/master/en-US/Admin_Guide/html-desktop/#admin.config.api.disable) significantly reduces the risk, but still allows the attacker to retrieve user account information including email address and real name.

### Resources
- https://mantisbt.org/bugs/view.php?id=36902

### Credits
MantisBT thanks Alexander Philiotis of SynerComm for discovering and responsibly reporting the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30849
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.3387
published_at 2026-06-06T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.33801
published_at 2026-06-08T12:55:00Z
2
value 0.0014
scoring_system epss
scoring_elements 0.33835
published_at 2026-06-07T12:55:00Z
3
value 0.0014
scoring_system epss
scoring_elements 0.33855
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30849
1
reference_url https://github.com/mantisbt/mantisbt
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt
2
reference_url https://github.com/mantisbt/mantisbt/commit/b349e5c890eeda9bd82e7c7e14479853f8a30d9f
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:29:55Z/
url https://github.com/mantisbt/mantisbt/commit/b349e5c890eeda9bd82e7c7e14479853f8a30d9f
3
reference_url https://github.com/mantisbt/mantisbt/security/advisories/GHSA-phrq-pc6r-f6gh
reference_id
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:29:55Z/
url https://github.com/mantisbt/mantisbt/security/advisories/GHSA-phrq-pc6r-f6gh
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30849
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30849
5
reference_url https://github.com/advisories/GHSA-phrq-pc6r-f6gh
reference_id GHSA-phrq-pc6r-f6gh
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-phrq-pc6r-f6gh
fixed_packages
0
url pkg:composer/mantisbt/mantisbt@2.28.1
purl pkg:composer/mantisbt/mantisbt@2.28.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3nh1-gqxv-jyce
1
vulnerability VCID-3p27-9b1r-nqbh
2
vulnerability VCID-41x9-p7gv-8fc2
3
vulnerability VCID-9y6t-pvae-vuar
4
vulnerability VCID-bx5c-hd4c-r3hn
5
vulnerability VCID-cx6p-ncwb-k3bg
6
vulnerability VCID-es4b-p6jh-7fgf
7
vulnerability VCID-hcet-rrn3-j7gj
8
vulnerability VCID-hjug-mc57-nyaf
9
vulnerability VCID-kd7p-6ypr-hucb
10
vulnerability VCID-tmey-9ntn-xkf9
11
vulnerability VCID-tndh-byw2-xbh6
12
vulnerability VCID-vgup-xrgt-57bd
13
vulnerability VCID-vgyy-dkby-w3ak
14
vulnerability VCID-xq7x-rtzx-wkef
15
vulnerability VCID-xymn-y9me-kbh9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.1
aliases CVE-2026-30849, GHSA-phrq-pc6r-f6gh
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-843s-1vx7-nueb
1
url VCID-8wux-1k2d-sbam
vulnerability_id VCID-8wux-1k2d-sbam
summary
MantisBT lacks verification when changing a user's email address
When a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55155
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07803
published_at 2026-06-08T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07847
published_at 2026-06-07T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07874
published_at 2026-06-06T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07861
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55155
1
reference_url https://github.com/mantisbt/mantisbt
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt
2
reference_url https://github.com/mantisbt/mantisbt/commit/21e9fbedde8553c29c0d3156e84f78157fc4f22e
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:03:02Z/
url https://github.com/mantisbt/mantisbt/commit/21e9fbedde8553c29c0d3156e84f78157fc4f22e
3
reference_url https://mantisbt.org/bugs/view.php?id=36005
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:03:02Z/
url https://mantisbt.org/bugs/view.php?id=36005
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55155
reference_id CVE-2025-55155
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55155
5
reference_url https://github.com/advisories/GHSA-q747-c74m-69pr
reference_id GHSA-q747-c74m-69pr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q747-c74m-69pr
6
reference_url https://github.com/mantisbt/mantisbt/security/advisories/GHSA-q747-c74m-69pr
reference_id GHSA-q747-c74m-69pr
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:03:02Z/
url https://github.com/mantisbt/mantisbt/security/advisories/GHSA-q747-c74m-69pr
fixed_packages
0
url pkg:composer/mantisbt/mantisbt@2.27.2
purl pkg:composer/mantisbt/mantisbt@2.27.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-843s-1vx7-nueb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.27.2
aliases CVE-2025-55155, GHSA-q747-c74m-69pr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8wux-1k2d-sbam
2
url VCID-d3yt-mkwe-33hu
vulnerability_id VCID-d3yt-mkwe-33hu
summary
MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length
A lack of server-side validation for note length in MantisBT allows attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters). Once such a note is added:
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46556
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.19964
published_at 2026-06-08T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.2003
published_at 2026-06-07T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.20069
published_at 2026-06-06T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.20074
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46556
1
reference_url https://github.com/mantisbt/mantisbt
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt
2
reference_url https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T20:44:31Z/
url https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234
3
reference_url https://github.com/mantisbt/mantisbt/commit/d5cec6bffb44d54bd412c186b9baa409b1aa4238
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T20:44:31Z/
url https://github.com/mantisbt/mantisbt/commit/d5cec6bffb44d54bd412c186b9baa409b1aa4238
4
reference_url https://github.com/mantisbt/mantisbt/commit/e9119c68b4a0eaa0bbde3deb121e81f5f7157361
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T20:44:31Z/
url https://github.com/mantisbt/mantisbt/commit/e9119c68b4a0eaa0bbde3deb121e81f5f7157361
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46556
reference_id CVE-2025-46556
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46556
6
reference_url https://github.com/advisories/GHSA-r3jf-hm7q-qfw5
reference_id GHSA-r3jf-hm7q-qfw5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r3jf-hm7q-qfw5
7
reference_url https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5
reference_id GHSA-r3jf-hm7q-qfw5
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T20:44:31Z/
url https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5
fixed_packages
0
url pkg:composer/mantisbt/mantisbt@2.27.2
purl pkg:composer/mantisbt/mantisbt@2.27.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-843s-1vx7-nueb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.27.2
aliases CVE-2025-46556, GHSA-r3jf-hm7q-qfw5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d3yt-mkwe-33hu
3
url VCID-n3nu-aawj-s7af
vulnerability_id VCID-n3nu-aawj-s7af
summary
MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling
Due to an incorrect use of loose (`==`) instead of strict (`===`) comparison in the [authentication code][1], PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation.

[1]: https://github.com/mantisbt/mantisbt/blob/0fb502dd613991e892ed2224ac5ea3e40ba632bc/core/authentication_api.php#L782
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47776
reference_id
reference_type
scores
0
value 0.00098
scoring_system epss
scoring_elements 0.26971
published_at 2026-06-06T12:55:00Z
1
value 0.00098
scoring_system epss
scoring_elements 0.26879
published_at 2026-06-08T12:55:00Z
2
value 0.00098
scoring_system epss
scoring_elements 0.26933
published_at 2026-06-07T12:55:00Z
3
value 0.00098
scoring_system epss
scoring_elements 0.2698
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47776
1
reference_url https://github.com/mantisbt/mantisbt
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt
2
reference_url https://github.com/mantisbt/mantisbt/blob/0fb502dd613991e892ed2224ac5ea3e40ba632bc/core/authentication_api.php#L782
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt/blob/0fb502dd613991e892ed2224ac5ea3e40ba632bc/core/authentication_api.php#L782
3
reference_url https://github.com/mantisbt/mantisbt/commit/966554a19cf1bdbcfbfb3004766979faa748f9a2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-04T20:41:52Z/
url https://github.com/mantisbt/mantisbt/commit/966554a19cf1bdbcfbfb3004766979faa748f9a2
4
reference_url https://mantisbt.org/bugs/view.php?id=35967
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://mantisbt.org/bugs/view.php?id=35967
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-47776
reference_id CVE-2025-47776
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-47776
6
reference_url https://github.com/advisories/GHSA-4v8w-gg5j-ph37
reference_id GHSA-4v8w-gg5j-ph37
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4v8w-gg5j-ph37
7
reference_url https://github.com/mantisbt/mantisbt/security/advisories/GHSA-4v8w-gg5j-ph37
reference_id GHSA-4v8w-gg5j-ph37
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-04T20:41:52Z/
url https://github.com/mantisbt/mantisbt/security/advisories/GHSA-4v8w-gg5j-ph37
fixed_packages
0
url pkg:composer/mantisbt/mantisbt@2.27.2
purl pkg:composer/mantisbt/mantisbt@2.27.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-843s-1vx7-nueb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.27.2
aliases CVE-2025-47776, GHSA-4v8w-gg5j-ph37
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n3nu-aawj-s7af
4
url VCID-yhf6-qthy-nqb2
vulnerability_id VCID-yhf6-qthy-nqb2
summary
MantisBT unauthorized disclosure of private project column configuration
Due to insufficient access-level checks, any non-admin user having access to _manage_config_columns_page.php_ (typically project managers having MANAGER role) can use the _Copy From_ action to retrieve the columns configuration from a private project they have no access to.

Access to the reverse operation (_Copy To_) is correctly controlled, i.e. it is not possible to alter the private project's configuration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62520
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.1404
published_at 2026-06-08T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.14125
published_at 2026-06-07T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.14161
published_at 2026-06-06T12:55:00Z
3
value 0.00045
scoring_system epss
scoring_elements 0.14158
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62520
1
reference_url https://github.com/mantisbt/mantisbt
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt
2
reference_url https://github.com/mantisbt/mantisbt/commit/4fe94f45fa2baea2aeb4b65781d2009e7b4a0bf3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:44:26Z/
url https://github.com/mantisbt/mantisbt/commit/4fe94f45fa2baea2aeb4b65781d2009e7b4a0bf3
3
reference_url https://mantisbt.org/bugs/view.php?id=36502
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:44:26Z/
url https://mantisbt.org/bugs/view.php?id=36502
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62520
reference_id CVE-2025-62520
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62520
5
reference_url https://github.com/advisories/GHSA-g582-8vwr-68h2
reference_id GHSA-g582-8vwr-68h2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g582-8vwr-68h2
6
reference_url https://github.com/mantisbt/mantisbt/security/advisories/GHSA-g582-8vwr-68h2
reference_id GHSA-g582-8vwr-68h2
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:44:26Z/
url https://github.com/mantisbt/mantisbt/security/advisories/GHSA-g582-8vwr-68h2
fixed_packages
0
url pkg:composer/mantisbt/mantisbt@2.27.2
purl pkg:composer/mantisbt/mantisbt@2.27.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-843s-1vx7-nueb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.27.2
aliases CVE-2025-62520, GHSA-g582-8vwr-68h2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yhf6-qthy-nqb2
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.27.1