Known Vulnerabilities for products from Mantisbt
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Mantisbt".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-44394 | MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can re... | 4.3 - MEDIUM | 2023-10-16 | 2023-10-23 |
| CVE-2023-22476 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level ... | 4.3 - MEDIUM | 2023-02-23 | 2023-11-07 |
| CVE-2022-33910 | An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bu... | 5.4 - MEDIUM | 2022-06-24 | 2022-07-06 |
| CVE-2022-28508 | An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter ... | 6.1 - MEDIUM | 2022-05-04 | 2022-05-12 |
| CVE-2022-26144 | An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code ... | 6.1 - MEDIUM | 2022-04-13 | 2022-04-20 |
| CVE-2021-43257 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2022-04-14 | 2022-04-22 |
| CVE-2021-33557 | An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return pa... | 6.1 - MEDIUM | 2021-06-17 | 2021-06-21 |
| CVE-2020-36192 | An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summar... | 5.3 - MEDIUM | 2021-01-18 | 2021-01-22 |
| CVE-2020-35849 | An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivil... | 7.5 - HIGH | 2020-12-30 | 2021-07-21 |
| CVE-2020-35571 | An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, th... | 6.1 - MEDIUM | 2021-02-22 | 2021-02-26 |
| CVE-2020-29605 | An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to per... | 4.3 - MEDIUM | 2021-01-29 | 2021-01-30 |
| CVE-2020-29604 | An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rig... | 6.5 - MEDIUM | 2021-01-29 | 2021-01-30 |
| CVE-2020-29603 | In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names ... | 4.3 - MEDIUM | 2021-01-29 | 2021-01-30 |
| CVE-2020-28413 | In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SO... | 6.5 - MEDIUM | 2020-12-30 | 2021-01-05 |
| CVE-2020-25830 | An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HT... | 4.8 - MEDIUM | 2020-09-30 | 2020-10-13 |
| CVE-2020-25781 | An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are ... | 4.3 - MEDIUM | 2020-09-30 | 2021-07-21 |
| CVE-2020-25288 | An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Reg... | 4.8 - MEDIUM | 2020-09-30 | 2020-10-13 |
| CVE-2020-16266 | An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to... | 5.4 - MEDIUM | 2020-08-12 | 2020-08-17 |
| CVE-2020-8981 | A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 ... | 6.1 - MEDIUM | 2020-02-13 | 2020-02-19 |
| CVE-2019-15715 | MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. | 7.2 - HIGH | 2019-10-09 | 2023-01-20 |
Known software with vulnerabilities from Mantisbt
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Mantisbt | Mantisbt | 0.18.0 |
| Application | Mantisbt | Source Integration | - |