NotCVE - vendor:"Mantisbt" product:"Mantisbt" version:" <= 1.3.0"

Page 6 of 103 results (0.003 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2013-1932

https://notcve.org/view.php?id=CVE-2013-1932

A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name. Una vulnerabilidad de tipo cross-site scripting (XSS) en la página de reporte de la configuración (archivo adm_config_report.php) en MantisBT versión 1.2.13, permite a usuarios autenticados remotos inyectar script web o HTML arbitrario por medio de un nombre de proyecto. • http://www.openwall.com/lists/oss-security/2013/04/06/4 http://www.securityfocus.com/bid/58893 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1932 https://mantisbt.org/bugs/view.php?id=15415 https://security-tracker.debian.org/tracker/CVE-2013-1932 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2013-1931

https://notcve.org/view.php?id=CVE-2013-1931

A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. Una vulnerabilidad de tipo cross-site scripting (XSS) en MantisBT versión 1.2.14, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de una versión, relacionada con la eliminación de una versión. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103438.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103459.html http://www.openwall.com/lists/oss-security/2013/04/06/4 http://www.securityfocus.com/bid/58889 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1931 https://mantisbt.org/bugs/view.php?id=15511 https://security-tracker.debian.org/tracker/CVE-2013-1931 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2013-1930

https://notcve.org/view.php?id=CVE-2013-1930

MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues. MantisBT versiones 1.2.12 anteriores a 1.2.15, permite a usuarios autenticados la restricción del flujo de trabajo y cerrar problemas. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103438.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103459.html http://www.openwall.com/lists/oss-security/2013/04/06/4 http://www.securityfocus.com/bid/58890 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1930 https://exchange.xforce.ibmcloud.com/vulnerabilities/83796 https://mantisbt.org/bugs/view.php?id=15453 https://security-tracker.debian.org/tracker/CVE-2013-1930 • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 2%CPEs: 2EXPL: 4

CVE-2019-15715 – Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)

https://notcve.org/view.php?id=CVE-2019-15715

MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. MantisBT versiones anteriores a 1.3.20 y 2.22.1, permite la Inyección de Comandos de Autenticación Post, lo que conlleva a la Ejecución de Código Remota. Mantis Bug Tracker version 2.3.0 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/48818 http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html https://github.com/mantisbt/mantisbt/commit/5fb979604d88c630343b3eaf2b435cd41918c501 https://github.com/mantisbt/mantisbt/commit/7092573fac31eff41823f13540324db167c8bd52 https://github.com/mantisbt/mantisbt/commit/cebfb9acb3686e8904d80bd4bc80720b54ba08e5 https://github.com/mantisbt/mantisbt/commit/fc7668c8e45db55fc3a4b991ea99d2b80861a14c https://mantisbt.org/bugs/changelog_page.php?project=mantisbt https://mantisbt& • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2018-9839

https://notcve.org/view.php?id=CVE-2018-9839

An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to reproduce, additional information) when cloning it. By checking the 'Copy issue notes' and 'Copy attachments' checkboxes and completing the clone operation, this data also becomes public (except private notes). Se descubrió un problema en MantisBT a través de 1.3.14 y 2.0.0. Al usar una solicitud diseñada en bug_report_page.php (modificando el parámetro 'm_id'), cualquier usuario con acceso a REPORTER o superior puede ver los detalles de cualquier problema privado (resumen, descripción, pasos para reproducir, información adicional) al clonarlo. • https://github.com/mantisbt/mantisbt/commit/1fbcd9bca2f2c77cb61624d36ddee4b3802c38ea https://mantisbt.org/bugs/view.php?id=24221 • CWE-20: Improper Input Validation •

1...4 5 6 7 8