Known Vulnerabilities for products from Mantisbt

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Mantisbt".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-43257 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2022-04-14 | 2022-04-22 |
| CVE-2021-33557 | An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return pa... | 6.1 - MEDIUM | 2021-06-17 | 2021-06-21 |
| CVE-2020-36192 | An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summar... | 5.3 - MEDIUM | 2021-01-18 | 2021-01-22 |
| CVE-2020-35849 | An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivil... | 7.5 - HIGH | 2020-12-30 | 2021-07-21 |
| CVE-2020-35571 | An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, th... | 6.1 - MEDIUM | 2021-02-22 | 2021-02-26 |
| CVE-2020-29605 | An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to per... | 4.3 - MEDIUM | 2021-01-29 | 2021-01-30 |
| CVE-2020-29604 | An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rig... | 6.5 - MEDIUM | 2021-01-29 | 2021-01-30 |
| CVE-2020-29603 | In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names ... | 4.3 - MEDIUM | 2021-01-29 | 2021-01-30 |
| CVE-2020-28413 | In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SO... | 6.5 - MEDIUM | 2020-12-30 | 2021-01-05 |
| CVE-2020-25830 | An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HT... | 4.8 - MEDIUM | 2020-09-30 | 2020-10-13 |
| CVE-2020-25781 | An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are ... | 4.3 - MEDIUM | 2020-09-30 | 2021-07-21 |
| CVE-2020-25288 | An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Reg... | 4.8 - MEDIUM | 2020-09-30 | 2020-10-13 |
| CVE-2020-16266 | An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to... | 5.4 - MEDIUM | 2020-08-12 | 2020-08-17 |
| CVE-2020-8981 | A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 ... | 6.1 - MEDIUM | 2020-02-13 | 2020-02-19 |
| CVE-2019-15715 | MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. | 7.2 - HIGH | 2019-10-09 | 2023-01-20 |
| CVE-2019-15539 | The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vu... | 6.1 - MEDIUM | 2020-03-19 | 2020-03-24 |
| CVE-2019-15074 | The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, al... | 9.6 - CRITICAL | 2019-08-21 | 2019-09-04 |
| CVE-2018-17783 | A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.... | 5.4 - MEDIUM | 2018-10-30 | 2018-12-07 |
| CVE-2018-17782 | A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17... | 5.4 - MEDIUM | 2018-10-30 | 2018-12-07 |
| CVE-2018-16514 | A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filt... | 4.7 - MEDIUM | 2019-06-20 | 2019-06-21 |

Known software with vulnerabilities from Mantisbt

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Mantisbt | Source Integration | - |

Popular searches for "Mantisbt"

Mantis Bug Tracker

MantisBT is a popular free web-based bug tracking system. It is written in PHP and works with MySQL, MS SQL, and PostgreSQL databases. MantisBT runs on Windows, Linux, Mac OS, OS/2, and others. It is released under the terms of the GNU General Public License (GPL).