Lookup for vulnerable packages by Package URL.

Purl pkg:composer/mantisbt/mantisbt@2.1.0
Type composer
Namespace mantisbt
Name mantisbt
Version 2.1.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.28.2
Latest_non_vulnerable_version 2.28.2
Affected_by_vulnerabilities
0
url VCID-516n-s5ts-eyg8
vulnerability_id VCID-516n-s5ts-eyg8
summary
MantisBT cross-site scripting (XSS) vulnerability through crafted PATH_INFO
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-13055.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16514
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.48797
published_at 2026-06-04T12:55:00Z
1
value 0.00253
scoring_system epss
scoring_elements 0.48848
published_at 2026-06-07T12:55:00Z
2
value 0.00253
scoring_system epss
scoring_elements 0.48866
published_at 2026-06-06T12:55:00Z
3
value 0.00253
scoring_system epss
scoring_elements 0.48859
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16514
1
reference_url https://github.com/mantisbt/mantisbt
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt
2
reference_url https://github.com/mantisbt/mantisbt/blob/006cd0cd90c37097e1a065fd3e59ce2534490834/core/filter_form_api.php#L2779
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt/blob/006cd0cd90c37097e1a065fd3e59ce2534490834/core/filter_form_api.php#L2779
3
reference_url https://github.com/mantisbt/mantisbt/commit/66091a42626631a3063774eb0fb8a4218ab22fd4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt/commit/66091a42626631a3063774eb0fb8a4218ab22fd4
4
reference_url https://mantisbt.org/bugs/view.php?id=24731
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mantisbt.org/bugs/view.php?id=24731
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16514
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16514
6
reference_url https://github.com/advisories/GHSA-3qv7-98vm-xx2v
reference_id GHSA-3qv7-98vm-xx2v
reference_type
scores
url https://github.com/advisories/GHSA-3qv7-98vm-xx2v
fixed_packages
0
url pkg:composer/mantisbt/mantisbt@2.17.1
purl pkg:composer/mantisbt/mantisbt@2.17.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n7b-6pyz-cka5
1
vulnerability VCID-1nq1-6hwz-7kcq
2
vulnerability VCID-1v33-u5bm-pyem
3
vulnerability VCID-5mtg-nbrw-jyhp
4
vulnerability VCID-6tnt-m23j-pyhv
5
vulnerability VCID-843s-1vx7-nueb
6
vulnerability VCID-8676-5hmd-s3hm
7
vulnerability VCID-8cnw-f9a5-aygc
8
vulnerability VCID-8hsn-cvrk-1uh5
9
vulnerability VCID-8wux-1k2d-sbam
10
vulnerability VCID-d3yt-mkwe-33hu
11
vulnerability VCID-ed8g-bc8k-dkgq
12
vulnerability VCID-fwyx-hjd4-b7hh
13
vulnerability VCID-hxaw-gp24-9kfv
14
vulnerability VCID-hz9e-tmbf-uydt
15
vulnerability VCID-jpyg-rbg3-rybh
16
vulnerability VCID-jqsn-z754-57ek
17
vulnerability VCID-jtj9-ccw1-8kd1
18
vulnerability VCID-kh1w-q4tc-6yhd
19
vulnerability VCID-m956-44xf-2qfz
20
vulnerability VCID-mubw-sf3f-n3fg
21
vulnerability VCID-n3nu-aawj-s7af
22
vulnerability VCID-qazy-c4se-fyfb
23
vulnerability VCID-smvy-4xzy-4fbq
24
vulnerability VCID-stgp-f24d-qqdp
25
vulnerability VCID-uk44-j13d-43ce
26
vulnerability VCID-uyk7-6syy-m7c3
27
vulnerability VCID-uzm1-jgsr-ufeg
28
vulnerability VCID-w3u1-um27-1uay
29
vulnerability VCID-y7ms-qz8n-3ugn
30
vulnerability VCID-ybzq-wt16-3bc2
31
vulnerability VCID-yhf6-qthy-nqb2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.17.1
aliases CVE-2018-16514, GHSA-3qv7-98vm-xx2v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-516n-s5ts-eyg8
1
url VCID-6tnt-m23j-pyhv
vulnerability_id VCID-6tnt-m23j-pyhv
summary
MantisBT allows XSS via Edit Filter page
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17783
reference_id
reference_type
scores
0
value 0.00177
scoring_system epss
scoring_elements 0.38935
published_at 2026-06-04T12:55:00Z
1
value 0.00177
scoring_system epss
scoring_elements 0.38998
published_at 2026-06-07T12:55:00Z
2
value 0.00177
scoring_system epss
scoring_elements 0.39027
published_at 2026-06-06T12:55:00Z
3
value 0.00177
scoring_system epss
scoring_elements 0.39023
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17783
1
reference_url https://github.com/mantisbt/mantisbt
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt
2
reference_url https://github.com/mantisbt/mantisbt/commit/b9453cd7643b7c5b1b8c716b1dbd4d7d9571d1ec
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt/commit/b9453cd7643b7c5b1b8c716b1dbd4d7d9571d1ec
3
reference_url https://mantisbt.org/blog/archives/mantisbt/613
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mantisbt.org/blog/archives/mantisbt/613
4
reference_url https://mantisbt.org/bugs/view.php?id=24814
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mantisbt.org/bugs/view.php?id=24814
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17783
reference_id CVE-2018-17783
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17783
6
reference_url https://github.com/advisories/GHSA-gcqw-45xq-xc63
reference_id GHSA-gcqw-45xq-xc63
reference_type
scores
url https://github.com/advisories/GHSA-gcqw-45xq-xc63
fixed_packages
0
url pkg:composer/mantisbt/mantisbt@2.17.2
purl pkg:composer/mantisbt/mantisbt@2.17.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n7b-6pyz-cka5
1
vulnerability VCID-1nq1-6hwz-7kcq
2
vulnerability VCID-1v33-u5bm-pyem
3
vulnerability VCID-5mtg-nbrw-jyhp
4
vulnerability VCID-843s-1vx7-nueb
5
vulnerability VCID-8676-5hmd-s3hm
6
vulnerability VCID-8cnw-f9a5-aygc
7
vulnerability VCID-8hsn-cvrk-1uh5
8
vulnerability VCID-8wux-1k2d-sbam
9
vulnerability VCID-d3yt-mkwe-33hu
10
vulnerability VCID-ed8g-bc8k-dkgq
11
vulnerability VCID-fwyx-hjd4-b7hh
12
vulnerability VCID-hxaw-gp24-9kfv
13
vulnerability VCID-jpyg-rbg3-rybh
14
vulnerability VCID-jqsn-z754-57ek
15
vulnerability VCID-jtj9-ccw1-8kd1
16
vulnerability VCID-kh1w-q4tc-6yhd
17
vulnerability VCID-m956-44xf-2qfz
18
vulnerability VCID-mubw-sf3f-n3fg
19
vulnerability VCID-n3nu-aawj-s7af
20
vulnerability VCID-qazy-c4se-fyfb
21
vulnerability VCID-smvy-4xzy-4fbq
22
vulnerability VCID-stgp-f24d-qqdp
23
vulnerability VCID-uk44-j13d-43ce
24
vulnerability VCID-uyk7-6syy-m7c3
25
vulnerability VCID-uzm1-jgsr-ufeg
26
vulnerability VCID-w3u1-um27-1uay
27
vulnerability VCID-y7ms-qz8n-3ugn
28
vulnerability VCID-ybzq-wt16-3bc2
29
vulnerability VCID-yhf6-qthy-nqb2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.17.2
aliases CVE-2018-17783, GHSA-gcqw-45xq-xc63
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6tnt-m23j-pyhv
2
url VCID-f5bu-52kz-57gk
vulnerability_id VCID-f5bu-52kz-57gk
summary
MantisBT vulnerable to XSS through config_option parameter in adm_config_report.php
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3.
references
0
reference_url http://openwall.com/lists/oss-security/2017/03/30/4
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2017/03/30/4
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7309
reference_id
reference_type
scores
0
value 0.02475
scoring_system epss
scoring_elements 0.85575
published_at 2026-06-05T12:55:00Z
1
value 0.02475
scoring_system epss
scoring_elements 0.85552
published_at 2026-06-04T12:55:00Z
2
value 0.02475
scoring_system epss
scoring_elements 0.8558
published_at 2026-06-06T12:55:00Z
3
value 0.02475
scoring_system epss
scoring_elements 0.85577
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7309
2
reference_url https://github.com/mantisbt/mantisbt
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt
3
reference_url https://github.com/mantisbt/mantisbt/commit/0243375e32bc24878e309f3d6ef6d8cfb3e2f278
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt/commit/0243375e32bc24878e309f3d6ef6d8cfb3e2f278
4
reference_url https://github.com/mantisbt/mantisbt/commit/c9e5b1d0404503022605459552faeaf610bf15ae
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt/commit/c9e5b1d0404503022605459552faeaf610bf15ae
5
reference_url https://github.com/mantisbt/mantisbt/commit/e881dd79df422033bbea88914fc0a717fae40358
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt/commit/e881dd79df422033bbea88914fc0a717fae40358
6
reference_url http://www.mantisbt.org/bugs/view.php?id=22579
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.mantisbt.org/bugs/view.php?id=22579
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7309
reference_id CVE-2017-7309
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7309
8
reference_url https://github.com/advisories/GHSA-4w6c-3hcx-rfj5
reference_id GHSA-4w6c-3hcx-rfj5
reference_type
scores
url https://github.com/advisories/GHSA-4w6c-3hcx-rfj5
fixed_packages
0
url pkg:composer/mantisbt/mantisbt@2.1.3
purl pkg:composer/mantisbt/mantisbt@2.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.1.3
1
url pkg:composer/mantisbt/mantisbt@2.2.3
purl pkg:composer/mantisbt/mantisbt@2.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.2.3
aliases CVE-2017-7309, GHSA-4w6c-3hcx-rfj5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f5bu-52kz-57gk
3
url VCID-hz9e-tmbf-uydt
vulnerability_id VCID-hz9e-tmbf-uydt
summary
MantisBT allows XSS via the Manage Filter page
A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17782
reference_id
reference_type
scores
0
value 0.00177
scoring_system epss
scoring_elements 0.38998
published_at 2026-06-07T12:55:00Z
1
value 0.00177
scoring_system epss
scoring_elements 0.39027
published_at 2026-06-06T12:55:00Z
2
value 0.00177
scoring_system epss
scoring_elements 0.39023
published_at 2026-06-05T12:55:00Z
3
value 0.00177
scoring_system epss
scoring_elements 0.38935
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17782
1
reference_url https://github.com/mantisbt/mantisbt
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt
2
reference_url https://github.com/mantisbt/mantisbt/commit/72ab020a42a35fd341e983a25849f8277bb34044
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt/commit/72ab020a42a35fd341e983a25849f8277bb34044
3
reference_url https://mantisbt.org/blog/archives/mantisbt/613
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mantisbt.org/blog/archives/mantisbt/613
4
reference_url https://mantisbt.org/bugs/view.php?id=24813
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mantisbt.org/bugs/view.php?id=24813
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17782
reference_id CVE-2018-17782
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17782
6
reference_url https://github.com/advisories/GHSA-ggjm-7m5f-7xjv
reference_id GHSA-ggjm-7m5f-7xjv
reference_type
scores
url https://github.com/advisories/GHSA-ggjm-7m5f-7xjv
fixed_packages
0
url pkg:composer/mantisbt/mantisbt@2.17.2
purl pkg:composer/mantisbt/mantisbt@2.17.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n7b-6pyz-cka5
1
vulnerability VCID-1nq1-6hwz-7kcq
2
vulnerability VCID-1v33-u5bm-pyem
3
vulnerability VCID-5mtg-nbrw-jyhp
4
vulnerability VCID-843s-1vx7-nueb
5
vulnerability VCID-8676-5hmd-s3hm
6
vulnerability VCID-8cnw-f9a5-aygc
7
vulnerability VCID-8hsn-cvrk-1uh5
8
vulnerability VCID-8wux-1k2d-sbam
9
vulnerability VCID-d3yt-mkwe-33hu
10
vulnerability VCID-ed8g-bc8k-dkgq
11
vulnerability VCID-fwyx-hjd4-b7hh
12
vulnerability VCID-hxaw-gp24-9kfv
13
vulnerability VCID-jpyg-rbg3-rybh
14
vulnerability VCID-jqsn-z754-57ek
15
vulnerability VCID-jtj9-ccw1-8kd1
16
vulnerability VCID-kh1w-q4tc-6yhd
17
vulnerability VCID-m956-44xf-2qfz
18
vulnerability VCID-mubw-sf3f-n3fg
19
vulnerability VCID-n3nu-aawj-s7af
20
vulnerability VCID-qazy-c4se-fyfb
21
vulnerability VCID-smvy-4xzy-4fbq
22
vulnerability VCID-stgp-f24d-qqdp
23
vulnerability VCID-uk44-j13d-43ce
24
vulnerability VCID-uyk7-6syy-m7c3
25
vulnerability VCID-uzm1-jgsr-ufeg
26
vulnerability VCID-w3u1-um27-1uay
27
vulnerability VCID-y7ms-qz8n-3ugn
28
vulnerability VCID-ybzq-wt16-3bc2
29
vulnerability VCID-yhf6-qthy-nqb2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.17.2
aliases CVE-2018-17782, GHSA-ggjm-7m5f-7xjv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hz9e-tmbf-uydt
4
url VCID-smvy-4xzy-4fbq
vulnerability_id VCID-smvy-4xzy-4fbq
summary
MantisBT XSS issue on the view_all_bug_page.php
An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CSP settings allow it).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-16266
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.50963
published_at 2026-06-04T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.5101
published_at 2026-06-07T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.5103
published_at 2026-06-06T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.51025
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-16266
1
reference_url https://github.com/mantisbt/mantisbt
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt
2
reference_url https://github.com/mantisbt/mantisbt/commit/9ef8f23a8119221d010251112b1255630a46d903
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt/commit/9ef8f23a8119221d010251112b1255630a46d903
3
reference_url https://mantisbt.org/blog/archives/mantisbt/665
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mantisbt.org/blog/archives/mantisbt/665
4
reference_url https://mantisbt.org/bugs/view.php?id=27056
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mantisbt.org/bugs/view.php?id=27056
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-16266
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-16266
6
reference_url https://github.com/advisories/GHSA-4rrc-5vp6-m3f6
reference_id GHSA-4rrc-5vp6-m3f6
reference_type
scores
url https://github.com/advisories/GHSA-4rrc-5vp6-m3f6
fixed_packages
0
url pkg:composer/mantisbt/mantisbt@2.24.2
purl pkg:composer/mantisbt/mantisbt@2.24.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n7b-6pyz-cka5
1
vulnerability VCID-1nq1-6hwz-7kcq
2
vulnerability VCID-5mtg-nbrw-jyhp
3
vulnerability VCID-843s-1vx7-nueb
4
vulnerability VCID-8676-5hmd-s3hm
5
vulnerability VCID-8hsn-cvrk-1uh5
6
vulnerability VCID-8wux-1k2d-sbam
7
vulnerability VCID-d3yt-mkwe-33hu
8
vulnerability VCID-ed8g-bc8k-dkgq
9
vulnerability VCID-fwyx-hjd4-b7hh
10
vulnerability VCID-hxaw-gp24-9kfv
11
vulnerability VCID-jpyg-rbg3-rybh
12
vulnerability VCID-jqsn-z754-57ek
13
vulnerability VCID-jtj9-ccw1-8kd1
14
vulnerability VCID-kh1w-q4tc-6yhd
15
vulnerability VCID-mubw-sf3f-n3fg
16
vulnerability VCID-n3nu-aawj-s7af
17
vulnerability VCID-qazy-c4se-fyfb
18
vulnerability VCID-stgp-f24d-qqdp
19
vulnerability VCID-ubun-zdjr-7uem
20
vulnerability VCID-uk44-j13d-43ce
21
vulnerability VCID-uyk7-6syy-m7c3
22
vulnerability VCID-uzm1-jgsr-ufeg
23
vulnerability VCID-w3u1-um27-1uay
24
vulnerability VCID-y7ms-qz8n-3ugn
25
vulnerability VCID-ybzq-wt16-3bc2
26
vulnerability VCID-yhf6-qthy-nqb2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.2
aliases CVE-2020-16266, GHSA-4rrc-5vp6-m3f6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-smvy-4xzy-4fbq
5
url VCID-x9k5-hczy-u3cd
vulnerability_id VCID-x9k5-hczy-u3cd
summary
MantisBT allows XSS via View Filters page
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.
references
0
reference_url http://github.com/mantisbt/mantisbt/commit/4efac90ed89a5c009108b641e2e95683791a165a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/mantisbt/mantisbt/commit/4efac90ed89a5c009108b641e2e95683791a165a
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-13055
reference_id
reference_type
scores
0
value 0.00349
scoring_system epss
scoring_elements 0.57725
published_at 2026-06-05T12:55:00Z
1
value 0.00349
scoring_system epss
scoring_elements 0.57674
published_at 2026-06-04T12:55:00Z
2
value 0.00349
scoring_system epss
scoring_elements 0.57734
published_at 2026-06-06T12:55:00Z
3
value 0.00349
scoring_system epss
scoring_elements 0.57724
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-13055
2
reference_url https://github.com/mantisbt/mantisbt
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt
3
reference_url https://mantisbt.org/blog/archives/mantisbt/602
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mantisbt.org/blog/archives/mantisbt/602
4
reference_url https://mantisbt.org/bugs/view.php?id=24580
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mantisbt.org/bugs/view.php?id=24580
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-13055
reference_id CVE-2018-13055
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-13055
6
reference_url https://github.com/advisories/GHSA-mjp7-97w4-jwhc
reference_id GHSA-mjp7-97w4-jwhc
reference_type
scores
url https://github.com/advisories/GHSA-mjp7-97w4-jwhc
fixed_packages
0
url pkg:composer/mantisbt/mantisbt@2.15.1
purl pkg:composer/mantisbt/mantisbt@2.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n7b-6pyz-cka5
1
vulnerability VCID-1nq1-6hwz-7kcq
2
vulnerability VCID-1v33-u5bm-pyem
3
vulnerability VCID-516n-s5ts-eyg8
4
vulnerability VCID-5mtg-nbrw-jyhp
5
vulnerability VCID-6tnt-m23j-pyhv
6
vulnerability VCID-843s-1vx7-nueb
7
vulnerability VCID-8676-5hmd-s3hm
8
vulnerability VCID-8cnw-f9a5-aygc
9
vulnerability VCID-8hsn-cvrk-1uh5
10
vulnerability VCID-8wux-1k2d-sbam
11
vulnerability VCID-d3yt-mkwe-33hu
12
vulnerability VCID-ed8g-bc8k-dkgq
13
vulnerability VCID-fwyx-hjd4-b7hh
14
vulnerability VCID-hxaw-gp24-9kfv
15
vulnerability VCID-hz9e-tmbf-uydt
16
vulnerability VCID-jpyg-rbg3-rybh
17
vulnerability VCID-jqsn-z754-57ek
18
vulnerability VCID-jtj9-ccw1-8kd1
19
vulnerability VCID-kh1w-q4tc-6yhd
20
vulnerability VCID-m956-44xf-2qfz
21
vulnerability VCID-mubw-sf3f-n3fg
22
vulnerability VCID-n3nu-aawj-s7af
23
vulnerability VCID-qazy-c4se-fyfb
24
vulnerability VCID-smvy-4xzy-4fbq
25
vulnerability VCID-stgp-f24d-qqdp
26
vulnerability VCID-uk44-j13d-43ce
27
vulnerability VCID-uyk7-6syy-m7c3
28
vulnerability VCID-uzm1-jgsr-ufeg
29
vulnerability VCID-w3u1-um27-1uay
30
vulnerability VCID-y7ms-qz8n-3ugn
31
vulnerability VCID-ybzq-wt16-3bc2
32
vulnerability VCID-yhf6-qthy-nqb2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.15.1
aliases CVE-2018-13055, GHSA-mjp7-97w4-jwhc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x9k5-hczy-u3cd
6
url VCID-xymn-y9me-kbh9
vulnerability_id VCID-xymn-y9me-kbh9
summary
MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column
Incorrect escaping of a saved filter's owner allows an attacker to inject arbitrary HTML on systems where $g_show_user_realname = ON.

### Impact
Cross-site scripting (XSS).

Note that by default, only users with *Manager* access level or above can save their filters publicly.

### Patches
- 44f490bcf20fd491c1b8f3fc9dd041d8c2a30010

### Workarounds
- Prevent display of users' real name (set `$g_show_user_realname = OFF;` in configuration)
- Restrict ability to store filters (set `$g_stored_query_create_threshold` / `$g_stored_query_create_shared_threshold` to `NOBODY`)

### Credits
Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40607
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.17099
published_at 2026-06-07T12:55:00Z
1
value 0.00054
scoring_system epss
scoring_elements 0.17133
published_at 2026-06-06T12:55:00Z
2
value 0.00054
scoring_system epss
scoring_elements 0.17138
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40607
1
reference_url https://github.com/mantisbt/mantisbt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mantisbt/mantisbt
2
reference_url https://github.com/mantisbt/mantisbt/commit/44f490bcf20fd491c1b8f3fc9dd041d8c2a30010
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T18:51:03Z/
url https://github.com/mantisbt/mantisbt/commit/44f490bcf20fd491c1b8f3fc9dd041d8c2a30010
3
reference_url https://github.com/mantisbt/mantisbt/security/advisories/GHSA-f633-865q-2mhh
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T18:51:03Z/
url https://github.com/mantisbt/mantisbt/security/advisories/GHSA-f633-865q-2mhh
4
reference_url https://mantisbt.org/bugs/view.php?id=37015
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T18:51:03Z/
url https://mantisbt.org/bugs/view.php?id=37015
5
reference_url https://github.com/advisories/GHSA-f633-865q-2mhh
reference_id GHSA-f633-865q-2mhh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f633-865q-2mhh
fixed_packages
0
url pkg:composer/mantisbt/mantisbt@2.28.2
purl pkg:composer/mantisbt/mantisbt@2.28.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.28.2
aliases CVE-2026-40607, GHSA-f633-865q-2mhh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xymn-y9me-kbh9
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.1.0