Known Vulnerabilities for products from Mantis
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Mantis".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2008-4689 | Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack ses... | 7.5 - HIGH | 2008-10-22 | 2017-08-08 |
| CVE-2008-4688 | core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue dat... | 5 - MEDIUM | 2008-10-22 | 2009-02-10 |
| CVE-2008-4687 | manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter ... | 9 - HIGH | 2008-10-22 | 2018-05-13 |
| CVE-2008-3333 | Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute ... | 7.5 - HIGH | 2008-07-27 | 2017-08-08 |
| CVE-2008-3332 | Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execu... | 6.5 - MEDIUM | 2008-07-27 | 2017-09-29 |
| CVE-2008-3331 | Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inje... | 3.5 - LOW | 2008-07-27 | 2017-09-29 |
| CVE-2008-0404 | Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTM... | 4.3 - MEDIUM | 2008-01-23 | 2017-08-08 |
| CVE-2007-6611 | Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web s... | 4.3 - MEDIUM | 2008-01-03 | 2008-11-15 |
| CVE-2006-6574 | Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attacke... | 5 - MEDIUM | 2006-12-15 | 2017-07-29 |
| CVE-2006-6515 | Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, wh... | 10 - HIGH | 2006-12-14 | 2008-09-05 |
| CVE-2006-1577 | Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote a... | 6.8 - MEDIUM | 2006-04-02 | 2017-07-20 |
| CVE-2006-0841 | Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary ... | 4.3 - MEDIUM | 2006-02-22 | 2018-10-18 |
| CVE-2006-0840 | manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character... | 5 - MEDIUM | 2006-02-22 | 2018-10-18 |
| CVE-2006-0665 | Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and... | 10 - HIGH | 2006-02-13 | 2011-03-08 |
| CVE-2006-0664 | Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject ar... | 4.3 - MEDIUM | 2006-02-13 | 2017-07-20 |
| CVE-2006-0147 | Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple produ... | 7.5 - HIGH | 2006-01-09 | 2018-10-19 |
| CVE-2006-0146 | The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3)... | 7.5 - HIGH | 2006-01-09 | 2018-10-19 |
| CVE-2005-4524 | Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attac... | 5 - MEDIUM | 2005-12-28 | 2011-03-08 |
| CVE-2005-4523 | Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive in... | 5 - MEDIUM | 2005-12-28 | 2011-03-08 |
| CVE-2005-4522 | Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlie... | 4.3 - MEDIUM | 2005-12-28 | 2011-03-08 |