CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1934
https://notcve.org/view.php?id=CVE-2013-1934
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value. Una vulnerabilidad de tipo cross-site scripting (XSS) en la página de reporte de la configuración (archivo adm_config_report.php) en MantisBT versiones 1.2.0rc1 anteriores a 1.2.14, permite a usuarios autenticados remotos inyectar script web o HTML arbitrario por medio de un valor complejo. • http://www.debian.org/security/2015/dsa-3120 http://www.openwall.com/lists/oss-security/2013/04/09/1 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1934 https://mantisbt.org/bugs/view.php?id=15416 https://security-tracker.debian.org/tracker/CVE-2013-1934 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2013-1932
https://notcve.org/view.php?id=CVE-2013-1932
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name. Una vulnerabilidad de tipo cross-site scripting (XSS) en la página de reporte de la configuración (archivo adm_config_report.php) en MantisBT versión 1.2.13, permite a usuarios autenticados remotos inyectar script web o HTML arbitrario por medio de un nombre de proyecto. • http://www.openwall.com/lists/oss-security/2013/04/06/4 http://www.securityfocus.com/bid/58893 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1932 https://mantisbt.org/bugs/view.php?id=15415 https://security-tracker.debian.org/tracker/CVE-2013-1932 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1931
https://notcve.org/view.php?id=CVE-2013-1931
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. Una vulnerabilidad de tipo cross-site scripting (XSS) en MantisBT versión 1.2.14, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de una versión, relacionada con la eliminación de una versión. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103438.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103459.html http://www.openwall.com/lists/oss-security/2013/04/06/4 http://www.securityfocus.com/bid/58889 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1931 https://mantisbt.org/bugs/view.php?id=15511 https://security-tracker.debian.org/tracker/CVE-2013-1931 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1930
https://notcve.org/view.php?id=CVE-2013-1930
MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues. MantisBT versiones 1.2.12 anteriores a 1.2.15, permite a usuarios autenticados la restricción del flujo de trabajo y cerrar problemas. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103438.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103459.html http://www.openwall.com/lists/oss-security/2013/04/06/4 http://www.securityfocus.com/bid/58890 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1930 https://exchange.xforce.ibmcloud.com/vulnerabilities/83796 https://mantisbt.org/bugs/view.php?id=15453 https://security-tracker.debian.org/tracker/CVE-2013-1930 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 2%CPEs: 2EXPL: 4CVE-2019-15715 – Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)
https://notcve.org/view.php?id=CVE-2019-15715
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. MantisBT versiones anteriores a 1.3.20 y 2.22.1, permite la Inyección de Comandos de Autenticación Post, lo que conlleva a la Ejecución de Código Remota. Mantis Bug Tracker version 2.3.0 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/48818 http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html https://github.com/mantisbt/mantisbt/commit/5fb979604d88c630343b3eaf2b435cd41918c501 https://github.com/mantisbt/mantisbt/commit/7092573fac31eff41823f13540324db167c8bd52 https://github.com/mantisbt/mantisbt/commit/cebfb9acb3686e8904d80bd4bc80720b54ba08e5 https://github.com/mantisbt/mantisbt/commit/fc7668c8e45db55fc3a4b991ea99d2b80861a14c https://mantisbt.org/bugs/changelog_page.php?project=mantisbt https://mantisbt& • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •