{"url":"http://public2.vulnerablecode.io/api/packages/62700?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.0.0","type":"composer","namespace":"mantisbt","name":"mantisbt","version":"2.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.28.2","latest_non_vulnerable_version":"2.28.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112321?format=json","vulnerability_id":"VCID-1v33-u5bm-pyem","summary":"MantisBT Remote Code Execution\nMantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.","references":[{"reference_url":"http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15715","reference_id":"","reference_type":"","scores":[{"value":"0.2133","scoring_system":"epss","scoring_elements":"0.95805","published_at":"2026-06-07T12:55:00Z"},{"value":"0.2133","scoring_system":"epss","scoring_elements":"0.95795","published_at":"2026-06-04T12:55:00Z"},{"value":"0.2133","scoring_system":"epss","scoring_elements":"0.95803","published_at":"2026-06-06T12:55:00Z"},{"value":"0.2133","scoring_system":"epss","scoring_elements":"0.95799","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15715"},{"reference_url":"https://github.com/mantisbt/mantisbt","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/5fb979604d88c630343b3eaf2b435cd41918c501","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/5fb979604d88c630343b3eaf2b435cd41918c501"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/7092573fac31eff41823f13540324db167c8bd52","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/7092573fac31eff41823f13540324db167c8bd52"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/cebfb9acb3686e8904d80bd4bc80720b54ba08e5","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/cebfb9acb3686e8904d80bd4bc80720b54ba08e5"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/fc7668c8e45db55fc3a4b991ea99d2b80861a14c","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/fc7668c8e45db55fc3a4b991ea99d2b80861a14c"},{"reference_url":"https://mantisbt.org/bugs/changelog_page.php?project=mantisbt","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mantisbt.org/bugs/changelog_page.php?project=mantisbt"},{"reference_url":"https://mantisbt.org/bugs/view.php?id=26091","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mantisbt.org/bugs/view.php?id=26091"},{"reference_url":"https://mantisbt.org/bugs/view.php?id=26162","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mantisbt.org/bugs/view.php?id=26162"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15715","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15715"},{"reference_url":"https://github.com/advisories/GHSA-v23g-wjvq-2fpf","reference_id":"GHSA-v23g-wjvq-2fpf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v23g-wjvq-2fpf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/155615?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.22.1"}],"aliases":["CVE-2019-15715","GHSA-v23g-wjvq-2fpf"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1v33-u5bm-pyem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111076?format=json","vulnerability_id":"VCID-7rw5-pdgb-nqhd","summary":"MantisBT XSS via adm_config_report.php's action parameter\nA cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6973","reference_id":"","reference_type":"","scores":[{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.70581","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.70599","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.7059","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.70548","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6973"},{"reference_url":"https://github.com/mantisbt/mantisbt","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/034cd07b47af37366fc7b726cb4a4f971d3d3fb9","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/034cd07b47af37366fc7b726cb4a4f971d3d3fb9"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/15e52e84c389afe8b03ed3cdb59b6549257ed197","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/15e52e84c389afe8b03ed3cdb59b6549257ed197"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/da74c5aa02bcf21cfaab1180f892c22415e5fea6","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/da74c5aa02bcf21cfaab1180f892c22415e5fea6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6973","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6973"},{"reference_url":"http://www.mantisbt.org/bugs/view.php?id=22537","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mantisbt.org/bugs/view.php?id=22537"},{"reference_url":"https://github.com/advisories/GHSA-v7qf-22rw-chph","reference_id":"GHSA-v7qf-22rw-chph","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v7qf-22rw-chph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/151098?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/151099?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.2.2"}],"aliases":["CVE-2017-6973","GHSA-v7qf-22rw-chph"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7rw5-pdgb-nqhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43899?format=json","vulnerability_id":"VCID-dy4y-w8g5-9udt","summary":"MantisBT allows XSS on the Edit Filter page via crafted filter name\nAn issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar\" onclick=\"alert(1)').","references":[{"reference_url":"http://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14504","reference_id":"","reference_type":"","scores":[{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.6557","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65559","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65507","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14504"},{"reference_url":"https://github.com/mantisbt/mantisbt","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt"},{"reference_url":"https://mantisbt.org/blog/archives/mantisbt/602","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mantisbt.org/blog/archives/mantisbt/602"},{"reference_url":"https://mantisbt.org/bugs/view.php?id=24608","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mantisbt.org/bugs/view.php?id=24608"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14504","reference_id":"CVE-2018-14504","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14504"},{"reference_url":"https://github.com/advisories/GHSA-74gh-5j33-vg4w","reference_id":"GHSA-74gh-5j33-vg4w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-74gh-5j33-vg4w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63083?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-516n-s5ts-eyg8"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-6tnt-m23j-pyhv"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8cnw-f9a5-aygc"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-hz9e-tmbf-uydt"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-m956-44xf-2qfz"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.15.1"}],"aliases":["CVE-2018-14504","GHSA-74gh-5j33-vg4w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dy4y-w8g5-9udt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43675?format=json","vulnerability_id":"VCID-f6up-847f-duef","summary":"MantisBT allows arbitrary password reset\nMantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.","references":[{"reference_url":"http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt"},{"reference_url":"http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7615","reference_id":"","reference_type":"","scores":[{"value":"0.92451","scoring_system":"epss","scoring_elements":"0.99747","published_at":"2026-06-07T12:55:00Z"},{"value":"0.92451","scoring_system":"epss","scoring_elements":"0.99746","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7615"},{"reference_url":"https://github.com/mantisbt/mantisbt","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt"},{"reference_url":"https://mantisbt.org/bugs/view.php?id=22690","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mantisbt.org/bugs/view.php?id=22690"},{"reference_url":"https://www.exploit-db.com/exploits/41890","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/41890"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/04/16/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2017/04/16/2"},{"reference_url":"http://www.securityfocus.com/bid/97707","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/97707"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/41890.txt","reference_id":"CVE-2017-7615","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/41890.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7615","reference_id":"CVE-2017-7615","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7615"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/48818.py","reference_id":"CVE-2019-15715;CVE-2017-7615","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/48818.py"},{"reference_url":"https://github.com/advisories/GHSA-252r-f55f-ff34","reference_id":"GHSA-252r-f55f-ff34","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-252r-f55f-ff34"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62703?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/62704?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-516n-s5ts-eyg8"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-6tnt-m23j-pyhv"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8cnw-f9a5-aygc"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-cryg-7p4f-xyhh"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-dy4y-w8g5-9udt"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-gnd3-529f-ube6"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-hz9e-tmbf-uydt"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-m956-44xf-2qfz"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-qmgr-sz7u-7kam"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-x9k5-hczy-u3cd"},{"vulnerability":"VCID-xz9f-ksj8-3bhk"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.3.1"}],"aliases":["CVE-2017-7615","GHSA-252r-f55f-ff34"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f6up-847f-duef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43766?format=json","vulnerability_id":"VCID-gnd3-529f-ube6","summary":"MantisBT XSS allows unsanitized input via admin/install.php\nAn XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP.","references":[{"reference_url":"http://openwall.com/lists/oss-security/2017/08/01/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2017/08/01/1"},{"reference_url":"http://openwall.com/lists/oss-security/2017/08/01/2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2017/08/01/2"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12061","reference_id":"","reference_type":"","scores":[{"value":"0.01034","scoring_system":"epss","scoring_elements":"0.77732","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01034","scoring_system":"epss","scoring_elements":"0.77742","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01034","scoring_system":"epss","scoring_elements":"0.77735","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01034","scoring_system":"epss","scoring_elements":"0.77708","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12061"},{"reference_url":"https://github.com/mantisbt/mantisbt","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5"},{"reference_url":"https://mantisbt.org/bugs/view.php?id=23146","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mantisbt.org/bugs/view.php?id=23146"},{"reference_url":"https://web.archive.org/web/20170811053146/http://www.securitytracker.com/id/1039030","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170811053146/http://www.securitytracker.com/id/1039030"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12061","reference_id":"CVE-2017-12061","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12061"},{"reference_url":"https://github.com/advisories/GHSA-98xr-mmq5-vc5h","reference_id":"GHSA-98xr-mmq5-vc5h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98xr-mmq5-vc5h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62831?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-516n-s5ts-eyg8"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-6tnt-m23j-pyhv"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8cnw-f9a5-aygc"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-dy4y-w8g5-9udt"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-hz9e-tmbf-uydt"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-m956-44xf-2qfz"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-x9k5-hczy-u3cd"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.5.2"}],"aliases":["CVE-2017-12061","GHSA-98xr-mmq5-vc5h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gnd3-529f-ube6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111504?format=json","vulnerability_id":"VCID-m7ur-m19k-vba4","summary":"MantisBT XSS via move_attachments_page.php\nA cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools directory is removed, as recommended in the \"Post-installation and upgrade tasks\" of the MantisBT Admin Guide. A reminder to do so is also displayed on the login page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7241","reference_id":"","reference_type":"","scores":[{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74473","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74499","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.7451","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74505","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7241"},{"reference_url":"https://github.com/mantisbt/mantisbt","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/2d55c6476e939db021128b3995c28dcae05b09a4","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/2d55c6476e939db021128b3995c28dcae05b09a4"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/d31841c806a3c8379fcf6c9d9559451270b0f1cb","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/d31841c806a3c8379fcf6c9d9559451270b0f1cb"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/ecef0e9b523a460709e8feedfce72f05bb30b992","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/ecef0e9b523a460709e8feedfce72f05bb30b992"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7241","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7241"},{"reference_url":"http://www.mantisbt.org/bugs/view.php?id=22568","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mantisbt.org/bugs/view.php?id=22568"},{"reference_url":"https://github.com/advisories/GHSA-x53v-v9xp-gf6g","reference_id":"GHSA-x53v-v9xp-gf6g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x53v-v9xp-gf6g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63417?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.1.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/63418?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.2.3"}],"aliases":["CVE-2017-7241","GHSA-x53v-v9xp-gf6g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m7ur-m19k-vba4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44174?format=json","vulnerability_id":"VCID-qmgr-sz7u-7kam","summary":"MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php\nAn XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.","references":[{"reference_url":"http://openwall.com/lists/oss-security/2017/08/01/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2017/08/01/1"},{"reference_url":"http://openwall.com/lists/oss-security/2017/08/01/2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2017/08/01/2"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12062","reference_id":"","reference_type":"","scores":[{"value":"0.00741","scoring_system":"epss","scoring_elements":"0.73375","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00741","scoring_system":"epss","scoring_elements":"0.73369","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00741","scoring_system":"epss","scoring_elements":"0.73333","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00741","scoring_system":"epss","scoring_elements":"0.7336","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12062"},{"reference_url":"https://github.com/mantisbt/mantisbt","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/9b5b71dadbeeeec27efea59f562ac5bd6d2673b7","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/9b5b71dadbeeeec27efea59f562ac5bd6d2673b7"},{"reference_url":"https://mantisbt.org/bugs/view.php?id=23166","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mantisbt.org/bugs/view.php?id=23166"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12062","reference_id":"CVE-2017-12062","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12062"},{"reference_url":"https://github.com/advisories/GHSA-w93w-rx52-24qh","reference_id":"GHSA-w93w-rx52-24qh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w93w-rx52-24qh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62831?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-516n-s5ts-eyg8"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-6tnt-m23j-pyhv"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8cnw-f9a5-aygc"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-dy4y-w8g5-9udt"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-hz9e-tmbf-uydt"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-m956-44xf-2qfz"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-x9k5-hczy-u3cd"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.5.2"}],"aliases":["CVE-2017-12062","GHSA-w93w-rx52-24qh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmgr-sz7u-7kam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111035?format=json","vulnerability_id":"VCID-xz9f-ksj8-3bhk","summary":"MantisBT vulnerable to CSRF and Open Redirect attacks\nMantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \\/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.","references":[{"reference_url":"http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7620","reference_id":"","reference_type":"","scores":[{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55843","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.5578","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.5583","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7620"},{"reference_url":"https://github.com/mantisbt/mantisbt","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/2d2309a384bcd9d4b6d7d2928e8ded2c46d2d7b0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/2d2309a384bcd9d4b6d7d2928e8ded2c46d2d7b0"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/8b6787c8d321ee0ced5fb74ac3f34b67b4b7b26c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/8b6787c8d321ee0ced5fb74ac3f34b67b4b7b26c"},{"reference_url":"https://github.com/mantisbt/mantisbt/commit/c4f50e5df6b189abb1d717a5f7dbab5cbfef8165","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mantisbt/mantisbt/commit/c4f50e5df6b189abb1d717a5f7dbab5cbfef8165"},{"reference_url":"https://mantisbt.org/bugs/view.php?id=22702","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mantisbt.org/bugs/view.php?id=22702"},{"reference_url":"https://mantisbt.org/bugs/view.php?id=22816","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mantisbt.org/bugs/view.php?id=22816"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7620","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7620"},{"reference_url":"https://www.exploit-db.com/exploits/42043","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/42043"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/42043.txt","reference_id":"CVE-2017-7620","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/42043.txt"},{"reference_url":"https://github.com/advisories/GHSA-9x76-mp7r-2xc5","reference_id":"GHSA-9x76-mp7r-2xc5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9x76-mp7r-2xc5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150795?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-516n-s5ts-eyg8"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-6tnt-m23j-pyhv"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8cnw-f9a5-aygc"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-dy4y-w8g5-9udt"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-gnd3-529f-ube6"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-hz9e-tmbf-uydt"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-m956-44xf-2qfz"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-qmgr-sz7u-7kam"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-x9k5-hczy-u3cd"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/150796?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n7b-6pyz-cka5"},{"vulnerability":"VCID-1nq1-6hwz-7kcq"},{"vulnerability":"VCID-1v33-u5bm-pyem"},{"vulnerability":"VCID-516n-s5ts-eyg8"},{"vulnerability":"VCID-5mtg-nbrw-jyhp"},{"vulnerability":"VCID-6tnt-m23j-pyhv"},{"vulnerability":"VCID-843s-1vx7-nueb"},{"vulnerability":"VCID-8676-5hmd-s3hm"},{"vulnerability":"VCID-8cnw-f9a5-aygc"},{"vulnerability":"VCID-8hsn-cvrk-1uh5"},{"vulnerability":"VCID-8wux-1k2d-sbam"},{"vulnerability":"VCID-d3yt-mkwe-33hu"},{"vulnerability":"VCID-dy4y-w8g5-9udt"},{"vulnerability":"VCID-ed8g-bc8k-dkgq"},{"vulnerability":"VCID-fwyx-hjd4-b7hh"},{"vulnerability":"VCID-gnd3-529f-ube6"},{"vulnerability":"VCID-hxaw-gp24-9kfv"},{"vulnerability":"VCID-hz9e-tmbf-uydt"},{"vulnerability":"VCID-jpyg-rbg3-rybh"},{"vulnerability":"VCID-jqsn-z754-57ek"},{"vulnerability":"VCID-jtj9-ccw1-8kd1"},{"vulnerability":"VCID-kh1w-q4tc-6yhd"},{"vulnerability":"VCID-m956-44xf-2qfz"},{"vulnerability":"VCID-mubw-sf3f-n3fg"},{"vulnerability":"VCID-n3nu-aawj-s7af"},{"vulnerability":"VCID-qazy-c4se-fyfb"},{"vulnerability":"VCID-qmgr-sz7u-7kam"},{"vulnerability":"VCID-smvy-4xzy-4fbq"},{"vulnerability":"VCID-stgp-f24d-qqdp"},{"vulnerability":"VCID-uk44-j13d-43ce"},{"vulnerability":"VCID-uyk7-6syy-m7c3"},{"vulnerability":"VCID-uzm1-jgsr-ufeg"},{"vulnerability":"VCID-w3u1-um27-1uay"},{"vulnerability":"VCID-x9k5-hczy-u3cd"},{"vulnerability":"VCID-y7ms-qz8n-3ugn"},{"vulnerability":"VCID-ybzq-wt16-3bc2"},{"vulnerability":"VCID-yhf6-qthy-nqb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.4.1"}],"aliases":["CVE-2017-7620","GHSA-9x76-mp7r-2xc5"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xz9f-ksj8-3bhk"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.0.0"}