CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26144
https://notcve.org/view.php?id=CVE-2022-26144
13 Apr 2022 — An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed. Se ha detectado un problema de tipo XSS en MantisBT versiones anteriores a 2.25.3. Un escape inapropiado del nombre de un plugin permite una ejecución de código arbitrario (si CSP lo permite) en los archivos manage_plugin_page.php y manage_plugin_uninstall.php cuando es ins... • https://mantisbt.org/bugs/view.php?id=29688 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 1CVE-2021-33557
https://notcve.org/view.php?id=CVE-2021-33557
17 Jun 2021 — An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. Se ha detectado un problema de tipo XSS en el archivo manage_custom_field_edit_page.php en MantisBT versiones anteriores a 2.25.2. La salida sin escape del parámetro return permite a un atacante inyectar código en un campo hidden input • https://mantisbt.org/blog/archives/mantisbt/699 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2009-20001
https://notcve.org/view.php?id=CVE-2009-20001
07 Mar 2021 — An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them. Se detectó un problema en MantisBT versiones anteriores a 2.24.5. Asocia una cadena de cookies única con cada usuario. • https://mantisbt.org/bugs/view.php?id=11296 • CWE-613: Insufficient Session Expiration •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35571
https://notcve.org/view.php?id=CVE-2020-35571
22 Feb 2021 — An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings. Se detectó un problema en MantisBT versiones hasta 2.24.3. En la llamada de helper_ensure_confirmed en el archivo manage_custom_field_update.php, el nombre del campo personalizado no es saneado. • https://mantisbt.org/bugs/view.php?id=27768 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-29604
https://notcve.org/view.php?id=CVE-2020-29604
29 Jan 2021 — An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information. Se detectó un problema en MantisBT versiones anteriores a 2.24.4. Una falta d... • https://mantisbt.org/bugs/view.php?id=27357 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2020-29605
https://notcve.org/view.php?id=CVE-2020-29605
29 Jan 2021 — An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view status, or belong to a private Project.) Se detectó un problema en MantisBT versiones anteriores a 2.24.4. Debido a unas comprobaciones de nivel de acceso insuficientes, cualquier usuario que haya iniciado ses... • https://mantisbt.org/bugs/view.php?id=27357 • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2020-29603
https://notcve.org/view.php?id=CVE-2020-29603
29 Jan 2021 — In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them. En el archivo manage_proj_edit_page.php en MantisBT versiones anteriores a 2.24.4, cualquier usuario que haya iniciado sesión sin privilegios puede recuperar los nombres de los Proyectos Privados por medio del parámetro project_id del archivo manage_proj_edit_page.php, sin tener acceso a ellos • https://mantisbt.org/bugs/view.php?id=27357 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35849
https://notcve.org/view.php?id=CVE-2020-35849
30 Dec 2020 — An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter. Se detectó un problema en MantisBT versiones anteriores a 2.24.4. Una comprobación incorrecta de acceso en el archivo bug_revision_view_page.php permite a un atacante poco privilegiado visualizar el campo Su... • https://mantisbt.org/bugs/view.php?id=27370 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25830
https://notcve.org/view.php?id=CVE-2020-25830
30 Sep 2020 — An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php. Se detectó un problema en MantisBT versiones anteriores a 2.24.3. Un escape inapropiado de un nombre de campo personalizado permite a un atacante inyectar HTML y, si la configuración de CSP lo permite, lograr una ejecución de JavaScri... • http://github.com/mantisbt/mantisbt/commit/8c6f4d8859785b67fb80ac65100ac5259ed9237d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25781
https://notcve.org/view.php?id=CVE-2020-25781
30 Sep 2020 — An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly. Se detectó un problema en el archivo file_download.php en MantisBT versiones anteriores a 2.24.3. Los usuarios sin acceso para visualizar notas de problemas privados pueden descargar los archivos adjuntos (supuestamente privados) vinculados a esta... • http://github.com/mantisbt/mantisbt/commit/5595c90f11c48164331a20bb9c66098980516e93 • CWE-862: Missing Authorization •