CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0CVE-2006-6515
https://notcve.org/view.php?id=CVE-2006-6515
14 Dec 2006 — Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders. Mantis en versiones anteriores a la 1.1.0a2 establece el valor por defecto del $g_bug_reminder_threshold a "reporter" en vez de un rol con más privilegios, lo cual tiene un impacto desconocido y vectores de ataque, posiblemente relacionado con la frecuencia de los recordatorios. • http://sourceforge.net/project/shownotes.php?release_id=469627 •
CVSS: 9.1EPSS: 2%CPEs: 61EXPL: 1CVE-2006-0840
https://notcve.org/view.php?id=CVE-2006-0840
22 Feb 2006 — manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519. • http://morph3us.org/advisories/20060214-mantis-100rc4.txt •
CVSS: 6.1EPSS: 0%CPEs: 61EXPL: 3CVE-2006-0841 – Mantis Bug Tracker 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0841
22 Feb 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) mana... • https://www.exploit-db.com/exploits/27229 •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 1CVE-2005-4523
https://notcve.org/view.php?id=CVE-2005-4523
28 Dec 2005 — Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information. • http://secunia.com/advisories/18181 •
CVSS: 9.8EPSS: 0%CPEs: 50EXPL: 1CVE-2005-4518
https://notcve.org/view.php?id=CVE-2005-4518
28 Dec 2005 — Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php. • http://secunia.com/advisories/18181 •
CVSS: 9.8EPSS: 2%CPEs: 65EXPL: 1CVE-2005-4519
https://notcve.org/view.php?id=CVE-2005-4519
28 Dec 2005 — Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php. • http://secunia.com/advisories/18181 •
CVSS: 6.1EPSS: 0%CPEs: 65EXPL: 2CVE-2005-4238 – Mantis Bug Tracker 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-4238
14 Dec 2005 — Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter. • https://www.exploit-db.com/exploits/26798 •
CVSS: 6.1EPSS: 0%CPEs: 59EXPL: 0CVE-2005-3091
https://notcve.org/view.php?id=CVE-2005-3091
28 Sep 2005 — Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp". • http://secunia.com/advisories/16506 •
CVSS: 6.1EPSS: 0%CPEs: 50EXPL: 1CVE-2004-1730
https://notcve.org/view.php?id=CVE-2004-1730
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php. • http://marc.info/?l=bugtraq&m=109312225727345&w=2 •
CVSS: 5.3EPSS: 0%CPEs: 56EXPL: 0CVE-2004-2666
https://notcve.org/view.php?id=CVE-2004-2666
31 Dec 2004 — Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page. • http://bugs.mantisbugtracker.com/view.php?id=4724 •