VulnerableCode Package Details - pkg:composer/mantisbt/mantisbt@2.1.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-23t9-317h-4fem Aliases: CVE-2017-7309 GHSA-4w6c-3hcx-rfj5	MantisBT vulnerable to XSS through config_option parameter in adm_config_report.php A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3.	2.1.3 Affected by 0 other vulnerabilities. 2.2.3 Affected by 0 other vulnerabilities.
VCID-3c1s-612q-jbgg Aliases: CVE-2018-13055 GHSA-mjp7-97w4-jwhc	MantisBT allows XSS via View Filters page A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.	2.15.1 Affected by 0 other vulnerabilities.
VCID-c84s-tzab-2qev Aliases: CVE-2018-17783 GHSA-gcqw-45xq-xc63	MantisBT allows XSS via Edit Filter page A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.	2.17.2 Affected by 0 other vulnerabilities.
VCID-jb3c-s41f-4yg6 Aliases: CVE-2018-17782 GHSA-ggjm-7m5f-7xjv	MantisBT allows XSS via the Manage Filter page A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.	2.17.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-23t9-317h-4fem
Aliases:
CVE-2017-7309
GHSA-4w6c-3hcx-rfj5

MantisBT vulnerable to XSS through config_option parameter in adm_config_report.php A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3.

2.1.3
Affected by 0 other vulnerabilities.

2.2.3
Affected by 0 other vulnerabilities.

VCID-3c1s-612q-jbgg
Aliases:
CVE-2018-13055
GHSA-mjp7-97w4-jwhc

MantisBT allows XSS via View Filters page A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.

2.15.1
Affected by 0 other vulnerabilities.

VCID-c84s-tzab-2qev
Aliases:
CVE-2018-17783
GHSA-gcqw-45xq-xc63

MantisBT allows XSS via Edit Filter page A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.

2.17.2
Affected by 0 other vulnerabilities.

VCID-jb3c-s41f-4yg6
Aliases:
CVE-2018-17782
GHSA-ggjm-7m5f-7xjv

MantisBT allows XSS via the Manage Filter page A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.

2.17.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T20:59:19.014542+00:00	GitLab Importer	Affected by	VCID-23t9-317h-4fem	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mantisbt/mantisbt/CVE-2017-7309.yml	38.6.0
2026-05-30T20:59:15.939511+00:00	GitLab Importer	Affected by	VCID-c84s-tzab-2qev	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mantisbt/mantisbt/CVE-2018-17783.yml	38.6.0
2026-05-30T20:59:12.574983+00:00	GitLab Importer	Affected by	VCID-3c1s-612q-jbgg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mantisbt/mantisbt/CVE-2018-13055.yml	38.6.0
2026-05-30T20:58:53.184650+00:00	GitLab Importer	Affected by	VCID-jb3c-s41f-4yg6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mantisbt/mantisbt/CVE-2018-17782.yml	38.6.0