CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22476 – MantisBT: Exposure of Private issues' summary to unauthorized users
https://notcve.org/view.php?id=CVE-2023-22476
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds. • https://github.com/mantisbt/mantisbt/security/advisories/GHSA-hf4x-6h87-hm79 https://www.mantisbt.org/bugs/view.php?id=31086 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2022-33910
https://notcve.org/view.php?id=CVE-2022-33910
An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute. Una vulnerabilidad de tipo XSS en MantisBT versiones anteriores a 2.25.5, permite a atacantes remotos adjuntar documentos SVG diseñados para emitir informes o notas de error. Cuando un usuario o un administrador hace clic en el archivo adjunto, file_download.php abre el documento SVG en una pestaña del navegador en lugar de descargarlo como archivo, causando una ejecución del código JavaScript • https://mantisbt.org/blog/archives/mantisbt/719 https://mantisbt.org/bugs/view.php?id=29135 https://mantisbt.org/bugs/view.php?id=30384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2022-28508
https://notcve.org/view.php?id=CVE-2022-28508
An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. Se ha detectado un problema de tipo XSS en el archivo browser_search_plugin.php en MantisBT versiones anteriores a 2.25.2. La salida sin esconder del parámetro return permite a un atacante inyectar código en un campo de entrada oculto • https://github.com/YavuzSahbaz/CVE-2022-28508 https://github.com/YavuzSahbaz/CVE-2022-28508/blob/main/MantisBT%202.25.2%20XSS%20vulnurability https://mantisbt.org https://sourceforge.net/projects/mantisbt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 9%CPEs: 1EXPL: 1CVE-2021-43257
https://notcve.org/view.php?id=CVE-2021-43257
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. Una falta de neutralización de elementos de fórmula en la API CSV de MantisBT versiones anteriores a 2.25.3 permite que un atacante no privilegiado ejecute código u obtenga acceso a información cuando un usuario abre el archivo CSV generado por csv_export.php en Excel • https://github.com/mantisbt/mantisbt/commit/7f4534c723e3162b8784aebda4836324041dbc3e https://www.mantisbt.org/bugs/view.php?id=29130 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26144
https://notcve.org/view.php?id=CVE-2022-26144
An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed. Se ha detectado un problema de tipo XSS en MantisBT versiones anteriores a 2.25.3. Un escape inapropiado del nombre de un plugin permite una ejecución de código arbitrario (si CSP lo permite) en los archivos manage_plugin_page.php y manage_plugin_uninstall.php cuando es instalado un plugin diseñado • https://mantisbt.org/bugs/view.php?id=29688 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •