| purl | pkg:composer/mantisbt/mantisbt@2.17.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1mx6-dajb-73ab (Aliases: CVE-2019-15539, GHSA-p495-jrpq-p66g) | | Affected by 28 other vulnerabilities. |
| VCID-356u-qtzd-8bha (Aliases: CVE-2019-15074, GHSA-gg4j-279j-22ph) | | Affected by 29 other vulnerabilities. |
| VCID-3yhd-78vq-dfab (Aliases: CVE-2024-23830, GHSA-mcqj-7p29-9528) | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'). MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`. | Affected by 10 other vulnerabilities. |
| VCID-4n95-7kt6-hkgm (Aliases: CVE-2024-45792, GHSA-h5q3-fjp4-2x7r) | | Affected by 5 other vulnerabilities. |
| VCID-5czm-r5kq-jufc (Aliases: CVE-2020-29605, GHSA-pgg9-mmcg-8mxp) | | Affected by 19 other vulnerabilities. |
| VCID-8fkh-uqyh-mubs (Aliases: CVE-2023-22476, GHSA-hf4x-6h87-hm79) | MantisBT may expose private issues' summaries to unauthorized users. Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds. | Affected by 11 other vulnerabilities. |
| VCID-9qhw-6sc1-3fee (Aliases: CVE-2025-47776, GHSA-4v8w-gg5j-ph37) | MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling. Due to an incorrect use of loose (`==`) instead of strict (`===`) comparison in the [authentication code](https://github.com/mantisbt/mantisbt/blob/0fb502dd613991e892ed2224ac5ea3e40ba632bc/core/authentication_api.php#L782), PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation. | Affected by 1 other vulnerability. |
| VCID-c11k-ccmd-8kbr (Aliases: CVE-2020-35571, GHSA-cvrm-cr3m-qj92) | | Affected by 17 other vulnerabilities. |
| VCID-cfxr-2bs3-93eq (Aliases: CVE-2022-26144, GHSA-rqgj-rqfr-5j6f) | MantisBT vulnerable to XSS due to improper escape in manage_plugin_page.php and manage_plugin_uninstall.php. An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed. | Affected by 13 other vulnerabilities. |
| VCID-ed1n-rpkj-ukgf (Aliases: CVE-2022-28508, GHSA-wfg2-2wmw-6894) | MantisBT vulnerable to XSS via unescaped output in browser_search_plugin.php. An XSS issue was discovered in browser_search_plugin.php in MantisBT up to and including 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. | Affected by 13 other vulnerabilities. |
| VCID-eewc-shba-ducc (Aliases: CVE-2021-43257, GHSA-rg8f-5p7x-m6wv) | MantisBT CSV Injection: unprivileged user access in csv_export.php. Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. | Affected by 13 other vulnerabilities. |
| VCID-f8gr-xt6j-7yhx (Aliases: CVE-2020-25830, GHSA-2pm7-q8pc-xhvq) | | Affected by 24 other vulnerabilities. |
| VCID-gukk-5wur-e7da (Aliases: CVE-2024-34080, GHSA-99jc-wqmr-ff2q) | | Affected by 6 other vulnerabilities. |
| VCID-hfwp-5xu8-5kc1 (Aliases: CVE-2020-16266, GHSA-4rrc-5vp6-m3f6) | | Affected by 27 other vulnerabilities. |
| VCID-hky3-6sfp-hkez (Aliases: CVE-2019-15715, GHSA-v23g-wjvq-2fpf) | | Affected by 27 other vulnerabilities. |
| VCID-jc68-738x-w3c9 (Aliases: CVE-2026-30849, GHSA-phrq-pc6r-f6gh) | | Affected by 16 other vulnerabilities. |
| VCID-jfgt-47uw-bbbe (Aliases: CVE-2024-34077, GHSA-93x3-m7pw-ppqm) | | Affected by 6 other vulnerabilities. |
| VCID-kxbu-jx12-eugx (Aliases: CVE-2025-62520, GHSA-g582-8vwr-68h2) | MantisBT unauthorized disclosure of private project column configuration. Due to insufficient access-level checks, any non-admin user having access to _manage_config_columns_page.php_ (typically project managers having MANAGER role) can use the _Copy From_ action to retrieve the columns configuration from a private project they have no access to. Access to the reverse operation (_Copy To_) is correctly controlled, i.e. it is not possible to alter the private project's configuration. | Affected by 1 other vulnerability. |
| VCID-ptyh-gsmv-3uaq (Aliases: CVE-2020-28413, GHSA-49w9-82cj-xr48) | | Affected by 19 other vulnerabilities. |
| VCID-q7vc-ehq8-7qaw (Aliases: CVE-2020-29604, GHSA-f38c-wxp6-8xjv) | | Affected by 19 other vulnerabilities. |
| VCID-rdw7-ge5a-23ah (Aliases: CVE-2025-46556, GHSA-r3jf-hm7q-qfw5) | MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length. A lack of server-side validation for note length in MantisBT allows attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters). Once such a note is added: | Affected by 1 other vulnerability. |
| VCID-s8as-gy6q-wug6 (Aliases: CVE-2024-34081, GHSA-wgx7-jp56-65mq) | | Affected by 6 other vulnerabilities. |
| VCID-skev-43cw-g7hh (Aliases: CVE-2022-33910, GHSA-qghg-v7xv-q98q) | | Affected by 12 other vulnerabilities. |
| VCID-vrwz-m6bp-kffj (Aliases: CVE-2020-35849, GHSA-7j8m-fm49-xgmg) | | Affected by 19 other vulnerabilities. |
| VCID-w6sb-4aw6-4khx (Aliases: CVE-2020-25781, GHSA-xjmx-cprh-646r) | | Affected by 24 other vulnerabilities. |
| VCID-wt9n-tgjd-8kae (Aliases: CVE-2009-20001, GHSA-jm72-67rm-763j) | MantisBT Insufficient Session Expiration: cookie string not reset after logout. An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to log in as them. | Affected by 18 other vulnerabilities. |
| VCID-yj8x-g24q-8fh1 (Aliases: CVE-2021-33557, GHSA-52cx-vphc-jmjm) | | Affected by 16 other vulnerabilities. |
| VCID-z2we-878d-hkd4 (Aliases: CVE-2023-44394, GHSA-v642-mh27-8j6m) | MantisBT may disclose project names to unauthorized users. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names by accessing wiki.php with sequentially incremented IDs. | Affected by 10 other vulnerabilities. |
| VCID-zd13-wjcz-9khc (Aliases: CVE-2020-29603, GHSA-qpj5-f88q-x7px) | | Affected by 19 other vulnerabilities. |
| VCID-zq7k-qmpm-e3bf (Aliases: CVE-2025-55155, GHSA-q747-c74m-69pr) | MantisBT lacks verification when changing a user's email address. When a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. | Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-c84s-tzab-2qev | MantisBT allows XSS via Edit Filter page. A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. | CVE-2018-17783, GHSA-gcqw-45xq-xc63 |
| VCID-jb3c-s41f-4yg6 | MantisBT allows XSS via the Manage Filter page. A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. | CVE-2018-17782, GHSA-ggjm-7m5f-7xjv |