Known Vulnerabilities for products from Mantisbt
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Mantisbt".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
CVE | Shortened Description | Severity | Publish Date | Last Modified |
---|---|---|---|---|
CVE-2021-43257 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2022-04-14 | 2022-04-22 |
CVE-2021-33557 | An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return pa... | 6.1 - MEDIUM | 2021-06-17 | 2021-06-21 |
CVE-2020-36192 | An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summar... | 5.3 - MEDIUM | 2021-01-18 | 2021-01-22 |
CVE-2020-35849 | An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivil... | 7.5 - HIGH | 2020-12-30 | 2021-07-21 |
CVE-2020-35571 | An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, th... | 6.1 - MEDIUM | 2021-02-22 | 2021-02-26 |
CVE-2020-29605 | An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to per... | 4.3 - MEDIUM | 2021-01-29 | 2021-01-30 |
CVE-2020-29604 | An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rig... | 6.5 - MEDIUM | 2021-01-29 | 2021-01-30 |
CVE-2020-29603 | In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names ... | 4.3 - MEDIUM | 2021-01-29 | 2021-01-30 |
CVE-2020-28413 | In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SO... | 6.5 - MEDIUM | 2020-12-30 | 2021-01-05 |
CVE-2020-25830 | An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HT... | 4.8 - MEDIUM | 2020-09-30 | 2020-10-13 |
CVE-2020-25781 | An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are ... | 4.3 - MEDIUM | 2020-09-30 | 2021-07-21 |
CVE-2020-25288 | An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Reg... | 4.8 - MEDIUM | 2020-09-30 | 2020-10-13 |
CVE-2020-16266 | An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to... | 5.4 - MEDIUM | 2020-08-12 | 2020-08-17 |
CVE-2020-8981 | A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 ... | 6.1 - MEDIUM | 2020-02-13 | 2020-02-19 |
CVE-2019-15715 | MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. | 7.2 - HIGH | 2019-10-09 | 2023-01-20 |
CVE-2019-15539 | The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vu... | 6.1 - MEDIUM | 2020-03-19 | 2020-03-24 |
CVE-2019-15074 | The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, al... | 9.6 - CRITICAL | 2019-08-21 | 2019-09-04 |
CVE-2018-17783 | A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.... | 5.4 - MEDIUM | 2018-10-30 | 2018-12-07 |
CVE-2018-17782 | A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17... | 5.4 - MEDIUM | 2018-10-30 | 2018-12-07 |
CVE-2018-16514 | A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filt... | 4.7 - MEDIUM | 2019-06-20 | 2019-06-21 |
Known software with vulnerabilities from Mantisbt
Type | Vendor | Product | Version |
---|---|---|---|
Application | Mantisbt | Mantisbt | 0.18.0 |
Application | Mantisbt | Source Integration | - |