CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2017-7897
https://notcve.org/view.php?id=CVE-2017-7897
A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. Una vulnerabilidad XSS en el MantisBT (2.3.x en versiones anteriores a 2.3.2) Timeline incluye página, utilizada en My View (my_view_page.php) y páginas User Information (view_user_page.php), permite a atacantes remotos inyectar código arbitrario (si los ajustes CSP lo permiten) a través de PATH_INFO manipulado en una URL, debido al uso de $_SERVER['PHP_SELF'] no desinfectado para generar URLs. • http://www.mantisbt.org/bugs/view.php?id=22742 http://www.securitytracker.com/id/1038278 https://github.com/mantisbt/mantisbt/commit/a1c719313d61b07bbe8700005807b8195fdc32f1 https://github.com/mantisbt/mantisbt/pull/1094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 97%CPEs: 1EXPL: 4CVE-2017-7615 – Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)
https://notcve.org/view.php?id=CVE-2017-7615
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. MantisBT hasta la versión 2.3.0 permite reinicio de contraseña arbitrario y acceso de administrador no autenticado a través de un valor confirm_hash vacío para verify.php Mantis Bug Tracker versions 1.3.0 and 2.3.0 suffer from a pre-authentication remote password reset vulnerability. • https://www.exploit-db.com/exploits/48818 https://www.exploit-db.com/exploits/41890 http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html http://www.openwall.com/lists/oss-security/2017/04/16/2 http://www.securityfocus.com/bid/97707 https://mantisbt.org/bugs/view.php?id=22690 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 4.8EPSS: 0%CPEs: 23EXPL: 1CVE-2017-6973
https://notcve.org/view.php?id=CVE-2017-6973
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2. Una vulnerabilidad XSS en la página Informe de configuración de MantisBT (adm_config_report.php) permite a atacantes remotos inyectar código arbitrario a través de un parámetro 'acción' creado. Esto se fija en 1.3.8, 2.1.2 y 2.2.2. • http://openwall.com/lists/oss-security/2017/03/30/4 http://www.mantisbt.org/bugs/view.php?id=22537 http://www.securityfocus.com/bid/97252 http://www.securitytracker.com/id/1038169 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 35EXPL: 1CVE-2017-7241
https://notcve.org/view.php?id=CVE-2017-7241
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools directory is removed, as recommended in the "Post-installation and upgrade tasks" of the MantisBT Admin Guide. A reminder to do so is also displayed on the login page. Una vulnerabilidad XSS en la página MantisBT Move Attachments (move_attachments_page.php, parte de las herramientas de administración) permite a atacantes remotos inyectar código arbitrario mediante un parámetro 'type' manipulado si la configuración de CSP lo permite. • http://openwall.com/lists/oss-security/2017/03/30/4 http://www.mantisbt.org/bugs/view.php?id=22568 http://www.securityfocus.com/bid/97253 http://www.securitytracker.com/id/1038169 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 5%CPEs: 24EXPL: 1CVE-2017-7309
https://notcve.org/view.php?id=CVE-2017-7309
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Una vulnerabilidad XSS en la página informe de configuración de MantisBT (adm_config_report.php) permite a atacantes remotos inyectar código arbitrario (si la configuración de CSP lo permite) mediante un parámetro 'config_option' manipulado. Esto se fija en 1.3.9, 2.1.3 y 2.2.3. • http://openwall.com/lists/oss-security/2017/03/30/4 http://www.mantisbt.org/bugs/view.php?id=22579 http://www.securityfocus.com/bid/97251 http://www.securitytracker.com/id/1038169 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •