CVE-2021-43257
https://notcve.org/view.php?id=CVE-2021-43257
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. Una falta de neutralización de elementos de fórmula en la API CSV de MantisBT versiones anteriores a 2.25.3 permite que un atacante no privilegiado ejecute código u obtenga acceso a información cuando un usuario abre el archivo CSV generado por csv_export.php en Excel • https://github.com/mantisbt/mantisbt/commit/7f4534c723e3162b8784aebda4836324041dbc3e https://www.mantisbt.org/bugs/view.php?id=29130 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2022-26144
https://notcve.org/view.php?id=CVE-2022-26144
An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed. Se ha detectado un problema de tipo XSS en MantisBT versiones anteriores a 2.25.3. Un escape inapropiado del nombre de un plugin permite una ejecución de código arbitrario (si CSP lo permite) en los archivos manage_plugin_page.php y manage_plugin_uninstall.php cuando es instalado un plugin diseñado • https://mantisbt.org/bugs/view.php?id=29688 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-33557
https://notcve.org/view.php?id=CVE-2021-33557
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. Se ha detectado un problema de tipo XSS en el archivo manage_custom_field_edit_page.php en MantisBT versiones anteriores a 2.25.2. La salida sin escape del parámetro return permite a un atacante inyectar código en un campo hidden input • https://mantisbt.org/blog/archives/mantisbt/699 https://mantisbt.org/bugs/view.php?id=28552 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-20001
https://notcve.org/view.php?id=CVE-2009-20001
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them. Se detectó un problema en MantisBT versiones anteriores a 2.24.5. Asocia una cadena de cookies única con cada usuario. • https://mantisbt.org/bugs/view.php?id=11296 https://mantisbt.org/bugs/view.php?id=27976 • CWE-613: Insufficient Session Expiration •
CVE-2020-35571
https://notcve.org/view.php?id=CVE-2020-35571
An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings. Se detectó un problema en MantisBT versiones hasta 2.24.3. En la llamada de helper_ensure_confirmed en el archivo manage_custom_field_update.php, el nombre del campo personalizado no es saneado. • https://mantisbt.org/bugs/view.php?id=27768 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •