CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2013-1932
https://notcve.org/view.php?id=CVE-2013-1932
31 Oct 2019 — A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name. Una vulnerabilidad de tipo cross-site scripting (XSS) en la página de reporte de la configuración (archivo adm_config_report.php) en MantisBT versión 1.2.13, permite a usuarios autenticados remotos inyectar script web o HTML arbitrario por medio de un nombre de proyecto. • http://www.openwall.com/lists/oss-security/2013/04/06/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 3EXPL: 0CVE-2013-1931
https://notcve.org/view.php?id=CVE-2013-1931
31 Oct 2019 — A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. Una vulnerabilidad de tipo cross-site scripting (XSS) en MantisBT versión 1.2.14, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de una versión, relacionada con la eliminación de una versión. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103438.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1930
https://notcve.org/view.php?id=CVE-2013-1930
31 Oct 2019 — MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues. MantisBT versiones 1.2.12 anteriores a 1.2.15, permite a usuarios autenticados la restricción del flujo de trabajo y cerrar problemas. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103438.html • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 22%CPEs: 2EXPL: 5CVE-2019-15715 – Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)
https://notcve.org/view.php?id=CVE-2019-15715
09 Oct 2019 — MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. MantisBT versiones anteriores a 1.3.20 y 2.22.1, permite la Inyección de Comandos de Autenticación Post, lo que conlleva a la Ejecución de Código Remota. Mantis Bug Tracker version 2.3.0 suffers from a remote code execution vulnerability. • https://packetstorm.news/files/id/159219 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15074
https://notcve.org/view.php?id=CVE-2019-15074
21 Aug 2019 — The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the issue, whenever My View Page is displayed. La función de línea de tiempo en my_view_page.php en MantisBT a través de la versión 2.21.1 tiene una vulnerabilidad de cross-site scripting (XSS) almacenada, lo que p... • https://github.com/mantisbt/mantisbt/commit/9cee1971c498bbe0a72bca1c773fae50171d8c27 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16514
https://notcve.org/view.php?id=CVE-2018-16514
20 Jun 2019 — A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-13055. Una vulnerabilidad de tipo cross-site scripting (XSS) en las páginas View Filters (view_filters_page.php) y Edit Filter (manage_filter_edit_page.php)... • https://mantisbt.org/bugs/view.php?id=24731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-9839
https://notcve.org/view.php?id=CVE-2018-9839
06 Jun 2019 — An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to reproduce, additional information) when cloning it. By checking the 'Copy issue notes' and 'Copy attachments' checkboxes and completing the clone operation, this data also becomes public (except private notes). Se descubrió un problema en MantisBT a tra... • https://github.com/mantisbt/mantisbt/commit/1fbcd9bca2f2c77cb61624d36ddee4b3802c38ea • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17782
https://notcve.org/view.php?id=CVE-2018-17782
30 Oct 2018 — A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. Una vulnerabilidad de Cross-Site Scripting (XSS) en la página Manage Filters (manage_filter_page.php) en MantisBT, desde la versión 2.1.0 hasta la 2.17.1, permite que los atacantes remotos (si los derechos de acceso lo permiten) inyecten código a... • https://mantisbt.org/blog/archives/mantisbt/613 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17783
https://notcve.org/view.php?id=CVE-2018-17783
30 Oct 2018 — A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. Una vulnerabilidad de Cross-Site Scripting (XSS) en la página Edit Filter (manage_filter_edit page.php) en MantisBT, desde la versión 2.1.0 hasta la 2.17.1, permite que los atacantes remotos (si los derechos de acceso lo permiten) inyecten códi... • https://mantisbt.org/blog/archives/mantisbt/613 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-16362
https://notcve.org/view.php?id=CVE-2018-16362
02 Sep 2018 — An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code (if CSP settings permit it) via repo_manage_page.php or list.php. Se ha descubierto un problema en el plugin Source Integration en versiones anteriores a la 1.5.9 y versiones 2.x anteriores a la 2.1.5 para MantisBT. Una vulnerabilidad Cross-Site Scripting (XSS) en las páginas "... • https://github.com/mantisbt-plugins/source-integration/issues/286 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •