| 0 |
| url |
VCID-1n7b-6pyz-cka5 |
| vulnerability_id |
VCID-1n7b-6pyz-cka5 |
| summary |
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process
Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending.
The exploit is only possible while the verification token is valid, i.e for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password.
A brute-force attack calling account_update.php with increasing user IDs is possible. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-34077, GHSA-93x3-m7pw-ppqm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1n7b-6pyz-cka5 |
|
| 1 |
| url |
VCID-1nq1-6hwz-7kcq |
| vulnerability_id |
VCID-1nq1-6hwz-7kcq |
| summary |
MantisBT HTML Injection vulnerability
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via `bug_actiongroup_page.php`. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.24.3 |
| purl |
pkg:composer/mantisbt/mantisbt@2.24.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-5mtg-nbrw-jyhp |
|
| 2 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 3 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 4 |
| vulnerability |
VCID-8hsn-cvrk-1uh5 |
|
| 5 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 6 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 7 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 8 |
| vulnerability |
VCID-fwyx-hjd4-b7hh |
|
| 9 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 10 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 11 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 12 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 13 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 14 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 15 |
| vulnerability |
VCID-qazy-c4se-fyfb |
|
| 16 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 17 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 18 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 19 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 20 |
| vulnerability |
VCID-w3u1-um27-1uay |
|
| 21 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 22 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 23 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.3 |
|
|
| aliases |
CVE-2020-25830, GHSA-2pm7-q8pc-xhvq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1nq1-6hwz-7kcq |
|
| 2 |
| url |
VCID-1v33-u5bm-pyem |
| vulnerability_id |
VCID-1v33-u5bm-pyem |
| summary |
MantisBT Remote Code Execution
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.22.1 |
| purl |
pkg:composer/mantisbt/mantisbt@2.22.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-1nq1-6hwz-7kcq |
|
| 2 |
| vulnerability |
VCID-5mtg-nbrw-jyhp |
|
| 3 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 4 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 5 |
| vulnerability |
VCID-8hsn-cvrk-1uh5 |
|
| 6 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 7 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 8 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 9 |
| vulnerability |
VCID-fwyx-hjd4-b7hh |
|
| 10 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 11 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 12 |
| vulnerability |
VCID-jqsn-z754-57ek |
|
| 13 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 14 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 15 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 16 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 17 |
| vulnerability |
VCID-qazy-c4se-fyfb |
|
| 18 |
| vulnerability |
VCID-smvy-4xzy-4fbq |
|
| 19 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 20 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 21 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 22 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 23 |
| vulnerability |
VCID-w3u1-um27-1uay |
|
| 24 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 25 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 26 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.22.1 |
|
|
| aliases |
CVE-2019-15715, GHSA-v23g-wjvq-2fpf
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1v33-u5bm-pyem |
|
| 3 |
| url |
VCID-516n-s5ts-eyg8 |
| vulnerability_id |
VCID-516n-s5ts-eyg8 |
| summary |
MantisBT cross-site scripting (XSS) vulnerability through crafted PATH_INFO
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-13055. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.17.1 |
| purl |
pkg:composer/mantisbt/mantisbt@2.17.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-1nq1-6hwz-7kcq |
|
| 2 |
| vulnerability |
VCID-1v33-u5bm-pyem |
|
| 3 |
| vulnerability |
VCID-5mtg-nbrw-jyhp |
|
| 4 |
| vulnerability |
VCID-6tnt-m23j-pyhv |
|
| 5 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 6 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 7 |
| vulnerability |
VCID-8cnw-f9a5-aygc |
|
| 8 |
| vulnerability |
VCID-8hsn-cvrk-1uh5 |
|
| 9 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 10 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 11 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 12 |
| vulnerability |
VCID-fwyx-hjd4-b7hh |
|
| 13 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 14 |
| vulnerability |
VCID-hz9e-tmbf-uydt |
|
| 15 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 16 |
| vulnerability |
VCID-jqsn-z754-57ek |
|
| 17 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 18 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 19 |
| vulnerability |
VCID-m956-44xf-2qfz |
|
| 20 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 21 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 22 |
| vulnerability |
VCID-qazy-c4se-fyfb |
|
| 23 |
| vulnerability |
VCID-smvy-4xzy-4fbq |
|
| 24 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 25 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 26 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 27 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 28 |
| vulnerability |
VCID-w3u1-um27-1uay |
|
| 29 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 30 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 31 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.17.1 |
|
|
| aliases |
CVE-2018-16514, GHSA-3qv7-98vm-xx2v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-516n-s5ts-eyg8 |
|
| 4 |
| url |
VCID-5mtg-nbrw-jyhp |
| vulnerability_id |
VCID-5mtg-nbrw-jyhp |
| summary |
MantisBT Missing Authorization access check in bug_actiongroup.php
An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.24.4 |
| purl |
pkg:composer/mantisbt/mantisbt@2.24.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 2 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 3 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 4 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 5 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 6 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 7 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 8 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 9 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 10 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 11 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 12 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 13 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 14 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 15 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 16 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 17 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 18 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.4 |
|
|
| aliases |
CVE-2020-29604, GHSA-f38c-wxp6-8xjv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5mtg-nbrw-jyhp |
|
| 5 |
| url |
VCID-6tnt-m23j-pyhv |
| vulnerability_id |
VCID-6tnt-m23j-pyhv |
| summary |
MantisBT allows XSS via Edit Filter page
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.17.2 |
| purl |
pkg:composer/mantisbt/mantisbt@2.17.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-1nq1-6hwz-7kcq |
|
| 2 |
| vulnerability |
VCID-1v33-u5bm-pyem |
|
| 3 |
| vulnerability |
VCID-5mtg-nbrw-jyhp |
|
| 4 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 5 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 6 |
| vulnerability |
VCID-8cnw-f9a5-aygc |
|
| 7 |
| vulnerability |
VCID-8hsn-cvrk-1uh5 |
|
| 8 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 9 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 10 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 11 |
| vulnerability |
VCID-fwyx-hjd4-b7hh |
|
| 12 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 13 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 14 |
| vulnerability |
VCID-jqsn-z754-57ek |
|
| 15 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 16 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 17 |
| vulnerability |
VCID-m956-44xf-2qfz |
|
| 18 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 19 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 20 |
| vulnerability |
VCID-qazy-c4se-fyfb |
|
| 21 |
| vulnerability |
VCID-smvy-4xzy-4fbq |
|
| 22 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 23 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 24 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 25 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 26 |
| vulnerability |
VCID-w3u1-um27-1uay |
|
| 27 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 28 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 29 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.17.2 |
|
|
| aliases |
CVE-2018-17783, GHSA-gcqw-45xq-xc63
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6tnt-m23j-pyhv |
|
| 6 |
| url |
VCID-843s-1vx7-nueb |
| vulnerability_id |
VCID-843s-1vx7-nueb |
| summary |
MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL
Mantis Bug Tracker instances running on MySQL and compatible databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of improper type checking on the password parameter.
Other database backends are not affected, as they do not perform implicit type conversion from string to integer.
### Impact
Using a crafted SOAP envelope, an attacker knowing the victim's username is able to login to the SOAP API with their account without knowledge of the actual password, and execute any API function they have access to.
### Patches
* b349e5c890eeda9bd82e7c7e14479853f8a30d9f
### Workarounds
- [Disabling the SOAP API](https://mantisbt.org/docs/master/en-US/Admin_Guide/html-desktop/#admin.config.api.disable) significantly reduces the risk, but still allows the attacker to retrieve user account information including email address and real name.
### Resources
- https://mantisbt.org/bugs/view.php?id=36902
### Credits
MantisBT thanks Alexander Philiotis of SynerComm for discovering and responsibly reporting the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-30849, GHSA-phrq-pc6r-f6gh
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-843s-1vx7-nueb |
|
| 7 |
| url |
VCID-8676-5hmd-s3hm |
| vulnerability_id |
VCID-8676-5hmd-s3hm |
| summary |
MantisBT vulnerable to information disclosure with user profiles
Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/mantisbt/mantisbt |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/mantisbt/mantisbt |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://mantisbt.org/bugs/view.php?id=34640 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:31:35Z/ |
|
|
| url |
https://mantisbt.org/bugs/view.php?id=34640 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-45792, GHSA-h5q3-fjp4-2x7r
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8676-5hmd-s3hm |
|
| 8 |
| url |
VCID-8cnw-f9a5-aygc |
| vulnerability_id |
VCID-8cnw-f9a5-aygc |
| summary |
MantisBT XSS when uploading an attachment
The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.21.3 |
| purl |
pkg:composer/mantisbt/mantisbt@2.21.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-1nq1-6hwz-7kcq |
|
| 2 |
| vulnerability |
VCID-1v33-u5bm-pyem |
|
| 3 |
| vulnerability |
VCID-5mtg-nbrw-jyhp |
|
| 4 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 5 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 6 |
| vulnerability |
VCID-8hsn-cvrk-1uh5 |
|
| 7 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 8 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 9 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 10 |
| vulnerability |
VCID-fwyx-hjd4-b7hh |
|
| 11 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 12 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 13 |
| vulnerability |
VCID-jqsn-z754-57ek |
|
| 14 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 15 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 16 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 17 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 18 |
| vulnerability |
VCID-qazy-c4se-fyfb |
|
| 19 |
| vulnerability |
VCID-smvy-4xzy-4fbq |
|
| 20 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 21 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 22 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 23 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 24 |
| vulnerability |
VCID-w3u1-um27-1uay |
|
| 25 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 26 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 27 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.21.3 |
|
|
| aliases |
CVE-2019-15539, GHSA-p495-jrpq-p66g
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8cnw-f9a5-aygc |
|
| 9 |
| url |
VCID-8hsn-cvrk-1uh5 |
| vulnerability_id |
VCID-8hsn-cvrk-1uh5 |
| summary |
MantisBT Incorrect Authorization for bug_revision_view_page.php check
An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.24.4 |
| purl |
pkg:composer/mantisbt/mantisbt@2.24.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 2 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 3 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 4 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 5 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 6 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 7 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 8 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 9 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 10 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 11 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 12 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 13 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 14 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 15 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 16 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 17 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 18 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.4 |
|
|
| aliases |
CVE-2020-35849, GHSA-7j8m-fm49-xgmg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8hsn-cvrk-1uh5 |
|
| 10 |
| url |
VCID-8wux-1k2d-sbam |
| vulnerability_id |
VCID-8wux-1k2d-sbam |
| summary |
MantisBT lacks verification when changing a user's email address
When a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-55155, GHSA-q747-c74m-69pr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8wux-1k2d-sbam |
|
| 11 |
| url |
VCID-d3yt-mkwe-33hu |
| vulnerability_id |
VCID-d3yt-mkwe-33hu |
| summary |
MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length
A lack of server-side validation for note length in MantisBT allows attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters). Once such a note is added: |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-46556, GHSA-r3jf-hm7q-qfw5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d3yt-mkwe-33hu |
|
| 12 |
| url |
VCID-dy4y-w8g5-9udt |
| vulnerability_id |
VCID-dy4y-w8g5-9udt |
| summary |
MantisBT allows XSS on the Edit Filter page via crafted filter name
An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)'). |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.15.1 |
| purl |
pkg:composer/mantisbt/mantisbt@2.15.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-1nq1-6hwz-7kcq |
|
| 2 |
| vulnerability |
VCID-1v33-u5bm-pyem |
|
| 3 |
| vulnerability |
VCID-516n-s5ts-eyg8 |
|
| 4 |
| vulnerability |
VCID-5mtg-nbrw-jyhp |
|
| 5 |
| vulnerability |
VCID-6tnt-m23j-pyhv |
|
| 6 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 7 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 8 |
| vulnerability |
VCID-8cnw-f9a5-aygc |
|
| 9 |
| vulnerability |
VCID-8hsn-cvrk-1uh5 |
|
| 10 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 11 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 12 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 13 |
| vulnerability |
VCID-fwyx-hjd4-b7hh |
|
| 14 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 15 |
| vulnerability |
VCID-hz9e-tmbf-uydt |
|
| 16 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 17 |
| vulnerability |
VCID-jqsn-z754-57ek |
|
| 18 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 19 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 20 |
| vulnerability |
VCID-m956-44xf-2qfz |
|
| 21 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 22 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 23 |
| vulnerability |
VCID-qazy-c4se-fyfb |
|
| 24 |
| vulnerability |
VCID-smvy-4xzy-4fbq |
|
| 25 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 26 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 27 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 28 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 29 |
| vulnerability |
VCID-w3u1-um27-1uay |
|
| 30 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 31 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 32 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.15.1 |
|
|
| aliases |
CVE-2018-14504, GHSA-74gh-5j33-vg4w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dy4y-w8g5-9udt |
|
| 13 |
| url |
VCID-ed8g-bc8k-dkgq |
| vulnerability_id |
VCID-ed8g-bc8k-dkgq |
| summary |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-23830, GHSA-mcqj-7p29-9528
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ed8g-bc8k-dkgq |
|
| 14 |
| url |
VCID-fwyx-hjd4-b7hh |
| vulnerability_id |
VCID-fwyx-hjd4-b7hh |
| summary |
MantisBT Incorrect Authorization in bug_actiongroup_page.php
An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view status, or belong to a private Project.) |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.24.4 |
| purl |
pkg:composer/mantisbt/mantisbt@2.24.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 2 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 3 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 4 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 5 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 6 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 7 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 8 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 9 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 10 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 11 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 12 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 13 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 14 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 15 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 16 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 17 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 18 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.4 |
|
|
| aliases |
CVE-2020-29605, GHSA-pgg9-mmcg-8mxp
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fwyx-hjd4-b7hh |
|
| 15 |
| url |
VCID-gnd3-529f-ube6 |
| vulnerability_id |
VCID-gnd3-529f-ube6 |
| summary |
MantisBT XSS allows unsanitized input via admin/install.php
An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.5.2 |
| purl |
pkg:composer/mantisbt/mantisbt@2.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-1nq1-6hwz-7kcq |
|
| 2 |
| vulnerability |
VCID-1v33-u5bm-pyem |
|
| 3 |
| vulnerability |
VCID-516n-s5ts-eyg8 |
|
| 4 |
| vulnerability |
VCID-5mtg-nbrw-jyhp |
|
| 5 |
| vulnerability |
VCID-6tnt-m23j-pyhv |
|
| 6 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 7 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 8 |
| vulnerability |
VCID-8cnw-f9a5-aygc |
|
| 9 |
| vulnerability |
VCID-8hsn-cvrk-1uh5 |
|
| 10 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 11 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 12 |
| vulnerability |
VCID-dy4y-w8g5-9udt |
|
| 13 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 14 |
| vulnerability |
VCID-fwyx-hjd4-b7hh |
|
| 15 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 16 |
| vulnerability |
VCID-hz9e-tmbf-uydt |
|
| 17 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 18 |
| vulnerability |
VCID-jqsn-z754-57ek |
|
| 19 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 20 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 21 |
| vulnerability |
VCID-m956-44xf-2qfz |
|
| 22 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 23 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 24 |
| vulnerability |
VCID-qazy-c4se-fyfb |
|
| 25 |
| vulnerability |
VCID-smvy-4xzy-4fbq |
|
| 26 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 27 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 28 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 29 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 30 |
| vulnerability |
VCID-w3u1-um27-1uay |
|
| 31 |
| vulnerability |
VCID-x9k5-hczy-u3cd |
|
| 32 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 33 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 34 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.5.2 |
|
|
| aliases |
CVE-2017-12061, GHSA-98xr-mmq5-vc5h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gnd3-529f-ube6 |
|
| 16 |
| url |
VCID-hxaw-gp24-9kfv |
| vulnerability_id |
VCID-hxaw-gp24-9kfv |
| summary |
MantisBT vulnerable to XSS via unescaped output in browser_search_plugin.php
An XSS issue was discovered in browser_search_plugin.php in MantisBT up to and including 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://mantisbt.org |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://mantisbt.org |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-28508, GHSA-wfg2-2wmw-6894
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hxaw-gp24-9kfv |
|
| 17 |
| url |
VCID-hz9e-tmbf-uydt |
| vulnerability_id |
VCID-hz9e-tmbf-uydt |
| summary |
MantisBT allows XSS via the Manage Filter page
A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.17.2 |
| purl |
pkg:composer/mantisbt/mantisbt@2.17.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-1nq1-6hwz-7kcq |
|
| 2 |
| vulnerability |
VCID-1v33-u5bm-pyem |
|
| 3 |
| vulnerability |
VCID-5mtg-nbrw-jyhp |
|
| 4 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 5 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 6 |
| vulnerability |
VCID-8cnw-f9a5-aygc |
|
| 7 |
| vulnerability |
VCID-8hsn-cvrk-1uh5 |
|
| 8 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 9 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 10 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 11 |
| vulnerability |
VCID-fwyx-hjd4-b7hh |
|
| 12 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 13 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 14 |
| vulnerability |
VCID-jqsn-z754-57ek |
|
| 15 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 16 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 17 |
| vulnerability |
VCID-m956-44xf-2qfz |
|
| 18 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 19 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 20 |
| vulnerability |
VCID-qazy-c4se-fyfb |
|
| 21 |
| vulnerability |
VCID-smvy-4xzy-4fbq |
|
| 22 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 23 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 24 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 25 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 26 |
| vulnerability |
VCID-w3u1-um27-1uay |
|
| 27 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 28 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 29 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.17.2 |
|
|
| aliases |
CVE-2018-17782, GHSA-ggjm-7m5f-7xjv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hz9e-tmbf-uydt |
|
| 18 |
| url |
VCID-jpyg-rbg3-rybh |
| vulnerability_id |
VCID-jpyg-rbg3-rybh |
| summary |
MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-34080, GHSA-99jc-wqmr-ff2q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jpyg-rbg3-rybh |
|
| 19 |
| url |
VCID-jqsn-z754-57ek |
| vulnerability_id |
VCID-jqsn-z754-57ek |
| summary |
MantisBT unauthorized users able to access private files
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.24.3 |
| purl |
pkg:composer/mantisbt/mantisbt@2.24.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-5mtg-nbrw-jyhp |
|
| 2 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 3 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 4 |
| vulnerability |
VCID-8hsn-cvrk-1uh5 |
|
| 5 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 6 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 7 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 8 |
| vulnerability |
VCID-fwyx-hjd4-b7hh |
|
| 9 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 10 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 11 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 12 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 13 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 14 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 15 |
| vulnerability |
VCID-qazy-c4se-fyfb |
|
| 16 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 17 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 18 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 19 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 20 |
| vulnerability |
VCID-w3u1-um27-1uay |
|
| 21 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 22 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 23 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.3 |
|
|
| aliases |
CVE-2020-25781, GHSA-xjmx-cprh-646r
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jqsn-z754-57ek |
|
| 20 |
| url |
VCID-jtj9-ccw1-8kd1 |
| vulnerability_id |
VCID-jtj9-ccw1-8kd1 |
| summary |
MantisBT may disclose project names to unauthorized users
Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-44394, GHSA-v642-mh27-8j6m
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jtj9-ccw1-8kd1 |
|
| 21 |
| url |
VCID-kh1w-q4tc-6yhd |
| vulnerability_id |
VCID-kh1w-q4tc-6yhd |
| summary |
MantisBT Insufficient Session Expiration cookie string not reset after logout
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.24.5 |
| purl |
pkg:composer/mantisbt/mantisbt@2.24.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 2 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 3 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 4 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 5 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 6 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 7 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 8 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 9 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 10 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 11 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 12 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 13 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 14 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 15 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 16 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 17 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.5 |
|
|
| aliases |
CVE-2009-20001, GHSA-jm72-67rm-763j
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kh1w-q4tc-6yhd |
|
| 22 |
| url |
VCID-m956-44xf-2qfz |
| vulnerability_id |
VCID-m956-44xf-2qfz |
| summary |
MantisBT allows cross-site scripting (XSS) via crafted filename
The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the issue, whenever My View Page is displayed. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.21.2 |
| purl |
pkg:composer/mantisbt/mantisbt@2.21.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-1nq1-6hwz-7kcq |
|
| 2 |
| vulnerability |
VCID-1v33-u5bm-pyem |
|
| 3 |
| vulnerability |
VCID-5mtg-nbrw-jyhp |
|
| 4 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 5 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 6 |
| vulnerability |
VCID-8cnw-f9a5-aygc |
|
| 7 |
| vulnerability |
VCID-8hsn-cvrk-1uh5 |
|
| 8 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 9 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 10 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 11 |
| vulnerability |
VCID-fwyx-hjd4-b7hh |
|
| 12 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 13 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 14 |
| vulnerability |
VCID-jqsn-z754-57ek |
|
| 15 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 16 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 17 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 18 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 19 |
| vulnerability |
VCID-qazy-c4se-fyfb |
|
| 20 |
| vulnerability |
VCID-smvy-4xzy-4fbq |
|
| 21 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 22 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 23 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 24 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 25 |
| vulnerability |
VCID-w3u1-um27-1uay |
|
| 26 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 27 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 28 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.21.2 |
|
|
| aliases |
CVE-2019-15074, GHSA-gg4j-279j-22ph
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m956-44xf-2qfz |
|
| 23 |
| url |
VCID-mubw-sf3f-n3fg |
| vulnerability_id |
VCID-mubw-sf3f-n3fg |
| summary |
Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting
Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when:
- resolving or closing issues (bug_change_status_page.php) belonging to a project linking said custom field
- viewing issues (view_all_bug_page.php) when the custom field is displayed as a column
- printing issues (print_all_bug_page.php) when the custom field is displayed as a column |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-34081, GHSA-wgx7-jp56-65mq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mubw-sf3f-n3fg |
|
| 24 |
| url |
VCID-n3nu-aawj-s7af |
| vulnerability_id |
VCID-n3nu-aawj-s7af |
| summary |
MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling
Due to an incorrect use of loose (`==`) instead of strict (`===`) comparison in the [authentication code][1], PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation.
[1]: https://github.com/mantisbt/mantisbt/blob/0fb502dd613991e892ed2224ac5ea3e40ba632bc/core/authentication_api.php#L782 |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/mantisbt/mantisbt |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/mantisbt/mantisbt |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-47776, GHSA-4v8w-gg5j-ph37
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n3nu-aawj-s7af |
|
| 25 |
| url |
VCID-qazy-c4se-fyfb |
| vulnerability_id |
VCID-qazy-c4se-fyfb |
| summary |
MantisBT Insecure Storage in manage_proj_edit_page.php
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.24.4 |
| purl |
pkg:composer/mantisbt/mantisbt@2.24.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 2 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 3 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 4 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 5 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 6 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 7 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 8 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 9 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 10 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 11 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 12 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 13 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 14 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 15 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 16 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 17 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 18 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.4 |
|
|
| aliases |
CVE-2020-29603, GHSA-qpj5-f88q-x7px
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qazy-c4se-fyfb |
|
| 26 |
| url |
VCID-qmgr-sz7u-7kam |
| vulnerability_id |
VCID-qmgr-sz7u-7kam |
| summary |
MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.5.2 |
| purl |
pkg:composer/mantisbt/mantisbt@2.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-1nq1-6hwz-7kcq |
|
| 2 |
| vulnerability |
VCID-1v33-u5bm-pyem |
|
| 3 |
| vulnerability |
VCID-516n-s5ts-eyg8 |
|
| 4 |
| vulnerability |
VCID-5mtg-nbrw-jyhp |
|
| 5 |
| vulnerability |
VCID-6tnt-m23j-pyhv |
|
| 6 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 7 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 8 |
| vulnerability |
VCID-8cnw-f9a5-aygc |
|
| 9 |
| vulnerability |
VCID-8hsn-cvrk-1uh5 |
|
| 10 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 11 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 12 |
| vulnerability |
VCID-dy4y-w8g5-9udt |
|
| 13 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 14 |
| vulnerability |
VCID-fwyx-hjd4-b7hh |
|
| 15 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 16 |
| vulnerability |
VCID-hz9e-tmbf-uydt |
|
| 17 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 18 |
| vulnerability |
VCID-jqsn-z754-57ek |
|
| 19 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 20 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 21 |
| vulnerability |
VCID-m956-44xf-2qfz |
|
| 22 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 23 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 24 |
| vulnerability |
VCID-qazy-c4se-fyfb |
|
| 25 |
| vulnerability |
VCID-smvy-4xzy-4fbq |
|
| 26 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 27 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 28 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 29 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 30 |
| vulnerability |
VCID-w3u1-um27-1uay |
|
| 31 |
| vulnerability |
VCID-x9k5-hczy-u3cd |
|
| 32 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 33 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 34 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.5.2 |
|
|
| aliases |
CVE-2017-12062, GHSA-w93w-rx52-24qh
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qmgr-sz7u-7kam |
|
| 27 |
| url |
VCID-smvy-4xzy-4fbq |
| vulnerability_id |
VCID-smvy-4xzy-4fbq |
| summary |
MantisBT XSS issue on the view_all_bug_page.php
An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CSP settings allow it). |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.24.2 |
| purl |
pkg:composer/mantisbt/mantisbt@2.24.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-1nq1-6hwz-7kcq |
|
| 2 |
| vulnerability |
VCID-5mtg-nbrw-jyhp |
|
| 3 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 4 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 5 |
| vulnerability |
VCID-8hsn-cvrk-1uh5 |
|
| 6 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 7 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 8 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 9 |
| vulnerability |
VCID-fwyx-hjd4-b7hh |
|
| 10 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 11 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 12 |
| vulnerability |
VCID-jqsn-z754-57ek |
|
| 13 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 14 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 15 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 16 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 17 |
| vulnerability |
VCID-qazy-c4se-fyfb |
|
| 18 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 19 |
| vulnerability |
VCID-ubun-zdjr-7uem |
|
| 20 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 21 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 22 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 23 |
| vulnerability |
VCID-w3u1-um27-1uay |
|
| 24 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 25 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 26 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.2 |
|
|
| aliases |
CVE-2020-16266, GHSA-4rrc-5vp6-m3f6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-smvy-4xzy-4fbq |
|
| 28 |
| url |
VCID-stgp-f24d-qqdp |
| vulnerability_id |
VCID-stgp-f24d-qqdp |
| summary |
MantisBT XSS in manage_custom_field_update.php
An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.25.0 |
| purl |
pkg:composer/mantisbt/mantisbt@2.25.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 2 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 3 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 4 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 5 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 6 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 7 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 8 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 9 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 10 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 11 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 12 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 13 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 14 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 15 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 16 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.25.0 |
|
|
| aliases |
CVE-2020-35571, GHSA-cvrm-cr3m-qj92
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-stgp-f24d-qqdp |
|
| 29 |
| url |
VCID-uk44-j13d-43ce |
| vulnerability_id |
VCID-uk44-j13d-43ce |
| summary |
MantisBT XSS through crafted SVG documents in file_download.php
An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2022-33910, GHSA-qghg-v7xv-q98q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uk44-j13d-43ce |
|
| 30 |
| url |
VCID-uyk7-6syy-m7c3 |
| vulnerability_id |
VCID-uyk7-6syy-m7c3 |
| summary |
MantisBT CSV Injection unprivileged user access in csv_export.php
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-43257, GHSA-rg8f-5p7x-m6wv
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uyk7-6syy-m7c3 |
|
| 31 |
| url |
VCID-uzm1-jgsr-ufeg |
| vulnerability_id |
VCID-uzm1-jgsr-ufeg |
| summary |
MantisBT vulnerable to XSS due to improper escape in manage_plugin_page.php and manage_plugin_uninstall.php
An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2022-26144, GHSA-rqgj-rqfr-5j6f
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uzm1-jgsr-ufeg |
|
| 32 |
| url |
VCID-w3u1-um27-1uay |
| vulnerability_id |
VCID-w3u1-um27-1uay |
| summary |
MantisBT SQL Injection via mc_project_get_users function
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.24.4 |
| purl |
pkg:composer/mantisbt/mantisbt@2.24.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 2 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 3 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 4 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 5 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 6 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 7 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 8 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 9 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 10 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 11 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 12 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 13 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 14 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 15 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 16 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 17 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 18 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.4 |
|
|
| aliases |
CVE-2020-28413, GHSA-49w9-82cj-xr48
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w3u1-um27-1uay |
|
| 33 |
| url |
VCID-x9k5-hczy-u3cd |
| vulnerability_id |
VCID-x9k5-hczy-u3cd |
| summary |
MantisBT allows XSS via View Filters page
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.15.1 |
| purl |
pkg:composer/mantisbt/mantisbt@2.15.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-1nq1-6hwz-7kcq |
|
| 2 |
| vulnerability |
VCID-1v33-u5bm-pyem |
|
| 3 |
| vulnerability |
VCID-516n-s5ts-eyg8 |
|
| 4 |
| vulnerability |
VCID-5mtg-nbrw-jyhp |
|
| 5 |
| vulnerability |
VCID-6tnt-m23j-pyhv |
|
| 6 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 7 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 8 |
| vulnerability |
VCID-8cnw-f9a5-aygc |
|
| 9 |
| vulnerability |
VCID-8hsn-cvrk-1uh5 |
|
| 10 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 11 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 12 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 13 |
| vulnerability |
VCID-fwyx-hjd4-b7hh |
|
| 14 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 15 |
| vulnerability |
VCID-hz9e-tmbf-uydt |
|
| 16 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 17 |
| vulnerability |
VCID-jqsn-z754-57ek |
|
| 18 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 19 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 20 |
| vulnerability |
VCID-m956-44xf-2qfz |
|
| 21 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 22 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 23 |
| vulnerability |
VCID-qazy-c4se-fyfb |
|
| 24 |
| vulnerability |
VCID-smvy-4xzy-4fbq |
|
| 25 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 26 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 27 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 28 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 29 |
| vulnerability |
VCID-w3u1-um27-1uay |
|
| 30 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 31 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 32 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.15.1 |
|
|
| aliases |
CVE-2018-13055, GHSA-mjp7-97w4-jwhc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x9k5-hczy-u3cd |
|
| 34 |
| url |
VCID-xz9f-ksj8-3bhk |
| vulnerability_id |
VCID-xz9f-ksj8-3bhk |
| summary |
MantisBT vulnerable to CSRF and Open Redirect attacks
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.3.3 |
| purl |
pkg:composer/mantisbt/mantisbt@2.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-1nq1-6hwz-7kcq |
|
| 2 |
| vulnerability |
VCID-1v33-u5bm-pyem |
|
| 3 |
| vulnerability |
VCID-516n-s5ts-eyg8 |
|
| 4 |
| vulnerability |
VCID-5mtg-nbrw-jyhp |
|
| 5 |
| vulnerability |
VCID-6tnt-m23j-pyhv |
|
| 6 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 7 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 8 |
| vulnerability |
VCID-8cnw-f9a5-aygc |
|
| 9 |
| vulnerability |
VCID-8hsn-cvrk-1uh5 |
|
| 10 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 11 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 12 |
| vulnerability |
VCID-dy4y-w8g5-9udt |
|
| 13 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 14 |
| vulnerability |
VCID-fwyx-hjd4-b7hh |
|
| 15 |
| vulnerability |
VCID-gnd3-529f-ube6 |
|
| 16 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 17 |
| vulnerability |
VCID-hz9e-tmbf-uydt |
|
| 18 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 19 |
| vulnerability |
VCID-jqsn-z754-57ek |
|
| 20 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 21 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 22 |
| vulnerability |
VCID-m956-44xf-2qfz |
|
| 23 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 24 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 25 |
| vulnerability |
VCID-qazy-c4se-fyfb |
|
| 26 |
| vulnerability |
VCID-qmgr-sz7u-7kam |
|
| 27 |
| vulnerability |
VCID-smvy-4xzy-4fbq |
|
| 28 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 29 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 30 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 31 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 32 |
| vulnerability |
VCID-w3u1-um27-1uay |
|
| 33 |
| vulnerability |
VCID-x9k5-hczy-u3cd |
|
| 34 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 35 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 36 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.3.3 |
|
| 1 |
| url |
pkg:composer/mantisbt/mantisbt@2.4.1 |
| purl |
pkg:composer/mantisbt/mantisbt@2.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-1nq1-6hwz-7kcq |
|
| 2 |
| vulnerability |
VCID-1v33-u5bm-pyem |
|
| 3 |
| vulnerability |
VCID-516n-s5ts-eyg8 |
|
| 4 |
| vulnerability |
VCID-5mtg-nbrw-jyhp |
|
| 5 |
| vulnerability |
VCID-6tnt-m23j-pyhv |
|
| 6 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 7 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 8 |
| vulnerability |
VCID-8cnw-f9a5-aygc |
|
| 9 |
| vulnerability |
VCID-8hsn-cvrk-1uh5 |
|
| 10 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 11 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 12 |
| vulnerability |
VCID-dy4y-w8g5-9udt |
|
| 13 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 14 |
| vulnerability |
VCID-fwyx-hjd4-b7hh |
|
| 15 |
| vulnerability |
VCID-gnd3-529f-ube6 |
|
| 16 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 17 |
| vulnerability |
VCID-hz9e-tmbf-uydt |
|
| 18 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 19 |
| vulnerability |
VCID-jqsn-z754-57ek |
|
| 20 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 21 |
| vulnerability |
VCID-kh1w-q4tc-6yhd |
|
| 22 |
| vulnerability |
VCID-m956-44xf-2qfz |
|
| 23 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 24 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 25 |
| vulnerability |
VCID-qazy-c4se-fyfb |
|
| 26 |
| vulnerability |
VCID-qmgr-sz7u-7kam |
|
| 27 |
| vulnerability |
VCID-smvy-4xzy-4fbq |
|
| 28 |
| vulnerability |
VCID-stgp-f24d-qqdp |
|
| 29 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 30 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 31 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 32 |
| vulnerability |
VCID-w3u1-um27-1uay |
|
| 33 |
| vulnerability |
VCID-x9k5-hczy-u3cd |
|
| 34 |
| vulnerability |
VCID-y7ms-qz8n-3ugn |
|
| 35 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 36 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.4.1 |
|
|
| aliases |
CVE-2017-7620, GHSA-9x76-mp7r-2xc5
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xz9f-ksj8-3bhk |
|
| 35 |
| url |
VCID-y7ms-qz8n-3ugn |
| vulnerability_id |
VCID-y7ms-qz8n-3ugn |
| summary |
MantisBT allows XSS in manage_custom_field_edit_page.php
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mantisbt/mantisbt@2.25.2 |
| purl |
pkg:composer/mantisbt/mantisbt@2.25.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1n7b-6pyz-cka5 |
|
| 1 |
| vulnerability |
VCID-843s-1vx7-nueb |
|
| 2 |
| vulnerability |
VCID-8676-5hmd-s3hm |
|
| 3 |
| vulnerability |
VCID-8wux-1k2d-sbam |
|
| 4 |
| vulnerability |
VCID-d3yt-mkwe-33hu |
|
| 5 |
| vulnerability |
VCID-ed8g-bc8k-dkgq |
|
| 6 |
| vulnerability |
VCID-hxaw-gp24-9kfv |
|
| 7 |
| vulnerability |
VCID-jpyg-rbg3-rybh |
|
| 8 |
| vulnerability |
VCID-jtj9-ccw1-8kd1 |
|
| 9 |
| vulnerability |
VCID-mubw-sf3f-n3fg |
|
| 10 |
| vulnerability |
VCID-n3nu-aawj-s7af |
|
| 11 |
| vulnerability |
VCID-uk44-j13d-43ce |
|
| 12 |
| vulnerability |
VCID-uyk7-6syy-m7c3 |
|
| 13 |
| vulnerability |
VCID-uzm1-jgsr-ufeg |
|
| 14 |
| vulnerability |
VCID-ybzq-wt16-3bc2 |
|
| 15 |
| vulnerability |
VCID-yhf6-qthy-nqb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.25.2 |
|
|
| aliases |
CVE-2021-33557, GHSA-52cx-vphc-jmjm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y7ms-qz8n-3ugn |
|
| 36 |
| url |
VCID-ybzq-wt16-3bc2 |
| vulnerability_id |
VCID-ybzq-wt16-3bc2 |
| summary |
MantisBT may expose private issues' summaries to unauthorized users
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-22476, GHSA-hf4x-6h87-hm79
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ybzq-wt16-3bc2 |
|
| 37 |
| url |
VCID-yhf6-qthy-nqb2 |
| vulnerability_id |
VCID-yhf6-qthy-nqb2 |
| summary |
MantisBT unauthorized disclosure of private project column configuration
Due to insufficient access-level checks, any non-admin user having access to _manage_config_columns_page.php_ (typically project managers having MANAGER role) can use the _Copy From_ action to retrieve the columns configuration from a private project they have no access to.
Access to the reverse operation (_Copy To_) is correctly controlled, i.e. it is not possible to alter the private project's configuration. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/mantisbt/mantisbt |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/mantisbt/mantisbt |
|
| 2 |
|
| 3 |
| reference_url |
https://mantisbt.org/bugs/view.php?id=36502 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-04T21:44:26Z/ |
|
|
| url |
https://mantisbt.org/bugs/view.php?id=36502 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-62520, GHSA-g582-8vwr-68h2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yhf6-qthy-nqb2 |
|