Known Vulnerabilities for Mantisbt by Mantisbt

Listed below are 10 of the newest known vulnerabilities associated with "Mantisbt" by "Mantisbt".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed, based on information from known CPEs.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
| --- | --- | --- | --- | --- |
| CVE-2021-43257 | Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execut... | 7.8 - HIGH | 2022-04-14 | 2022-04-22 |
| CVE-2021-33557 | An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return pa... | 6.1 - MEDIUM | 2021-06-17 | 2021-06-21 |
| CVE-2020-29605 | An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to per... | 4.3 - MEDIUM | 2021-01-29 | 2021-01-30 |
| CVE-2020-29604 | An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rig... | 6.5 - MEDIUM | 2021-01-29 | 2021-01-30 |
| CVE-2020-29603 | In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names ... | 4.3 - MEDIUM | 2021-01-29 | 2021-01-30 |
| CVE-2020-28413 | In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SO... | 6.5 - MEDIUM | 2020-12-30 | 2021-01-05 |
| CVE-2020-25830 | An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HT... | 4.8 - MEDIUM | 2020-09-30 | 2020-10-13 |
| CVE-2020-25781 | An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are ... | 4.3 - MEDIUM | 2020-09-30 | 2021-07-21 |
| CVE-2020-25288 | An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Reg... | 4.8 - MEDIUM | 2020-09-30 | 2020-10-13 |
| CVE-2020-16266 | An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to... | 5.4 - MEDIUM | 2020-08-12 | 2020-08-17 |

Known Affected Configurations (CPE V2.3)

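| Type | Vendor | Product | Version | Update | Edition | Language |
| --- | --- | --- | --- | --- | --- | --- |
| Application | Mantisbt | Mantisbt | 2.9.1 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.9.0 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.8.1 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.8.0 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.7.1 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.7.0 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.6.0 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.5.2 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.5.1 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.5.0 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.4.2 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.4.1 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.4.0 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.3.3 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.3.2 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.3.1 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.3.0 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.24.4 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.24.3 | All | All | All |
| Application | Mantisbt | Mantisbt | 2.24.2 | All | All | All |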


© CVE.report 2023