CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44394 – Disclosure of project names to unauthorized users in MantisBT
https://notcve.org/view.php?id=CVE-2023-44394
MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has been included in release `2.258`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration ( `$g_wiki_enable = OFF;`). • https://github.com/mantisbt/mantisbt/commit/65c44883f9d24f3ccef066fb523c93d8fdd7afc1 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-v642-mh27-8j6m https://mantisbt.org/bugs/view.php?id=32981 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22476 – MantisBT: Exposure of Private issues' summary to unauthorized users
https://notcve.org/view.php?id=CVE-2023-22476
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds. • https://github.com/mantisbt/mantisbt/security/advisories/GHSA-hf4x-6h87-hm79 https://www.mantisbt.org/bugs/view.php?id=31086 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2022-33910
https://notcve.org/view.php?id=CVE-2022-33910
An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute. Una vulnerabilidad de tipo XSS en MantisBT versiones anteriores a 2.25.5, permite a atacantes remotos adjuntar documentos SVG diseñados para emitir informes o notas de error. Cuando un usuario o un administrador hace clic en el archivo adjunto, file_download.php abre el documento SVG en una pestaña del navegador en lugar de descargarlo como archivo, causando una ejecución del código JavaScript • https://mantisbt.org/blog/archives/mantisbt/719 https://mantisbt.org/bugs/view.php?id=29135 https://mantisbt.org/bugs/view.php?id=30384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2022-28508
https://notcve.org/view.php?id=CVE-2022-28508
An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. Se ha detectado un problema de tipo XSS en el archivo browser_search_plugin.php en MantisBT versiones anteriores a 2.25.2. La salida sin esconder del parámetro return permite a un atacante inyectar código en un campo de entrada oculto • https://github.com/YavuzSahbaz/CVE-2022-28508 https://github.com/YavuzSahbaz/CVE-2022-28508/blob/main/MantisBT%202.25.2%20XSS%20vulnurability https://mantisbt.org https://sourceforge.net/projects/mantisbt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 9%CPEs: 1EXPL: 1CVE-2021-43257
https://notcve.org/view.php?id=CVE-2021-43257
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. Una falta de neutralización de elementos de fórmula en la API CSV de MantisBT versiones anteriores a 2.25.3 permite que un atacante no privilegiado ejecute código u obtenga acceso a información cuando un usuario abre el archivo CSV generado por csv_export.php en Excel • https://github.com/mantisbt/mantisbt/commit/7f4534c723e3162b8784aebda4836324041dbc3e https://www.mantisbt.org/bugs/view.php?id=29130 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •