CVSS: 8.8EPSS: 97%CPEs: 1EXPL: 4CVE-2017-7615 – Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)
https://notcve.org/view.php?id=CVE-2017-7615
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. MantisBT hasta la versión 2.3.0 permite reinicio de contraseña arbitrario y acceso de administrador no autenticado a través de un valor confirm_hash vacío para verify.php Mantis Bug Tracker versions 1.3.0 and 2.3.0 suffer from a pre-authentication remote password reset vulnerability. • https://www.exploit-db.com/exploits/48818 https://www.exploit-db.com/exploits/41890 http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html http://www.openwall.com/lists/oss-security/2017/04/16/2 http://www.securityfocus.com/bid/97707 https://mantisbt.org/bugs/view.php?id=22690 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 4.8EPSS: 0%CPEs: 35EXPL: 1CVE-2017-7241
https://notcve.org/view.php?id=CVE-2017-7241
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools directory is removed, as recommended in the "Post-installation and upgrade tasks" of the MantisBT Admin Guide. A reminder to do so is also displayed on the login page. Una vulnerabilidad XSS en la página MantisBT Move Attachments (move_attachments_page.php, parte de las herramientas de administración) permite a atacantes remotos inyectar código arbitrario mediante un parámetro 'type' manipulado si la configuración de CSP lo permite. • http://openwall.com/lists/oss-security/2017/03/30/4 http://www.mantisbt.org/bugs/view.php?id=22568 http://www.securityfocus.com/bid/97253 http://www.securitytracker.com/id/1038169 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7222
https://notcve.org/view.php?id=CVE-2017-7222
A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php). Vulnerabilidad de XSS en MantisBT en versiones anteriores a 2.1.1 permite a atacantes remotos inyectar código HTML arbitrario o JavaScript (si los ajustes MantisBT's CSP lo permiten) modificando 'window_title' en la configuración de la aplicación. Esto requiere un acceso privilegiado a las páginas de gestión de configuración de MantisBT (es decir, derechos de acceso de administrador) o alterar el archivo de configuración del sistema (config_inc.php). • http://github.com/mantisbt/mantisbt/commit/a85b0b96c8ebe3e010d0d016cf88ab3c8bfc196a https://mantisbt.org/bugs/view.php?id=22266 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2017-6799
https://notcve.org/view.php?id=CVE-2017-6799
A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter. Una vulnerabilidad de XSS en view_filters_page.php en MantisBT en versiones anteriores a 2.2.1 permite a atacantes remotos inyectar código JavaScript arbitrario a través del parámetro 'view_type'. • http://mantisbt.org/bugs/view.php?id=22497 http://www.openwall.com/lists/oss-security/2017/03/10/1 http://www.securityfocus.com/bid/96819 https://github.com/mantisbt/mantisbt/commit/1677251434b6e8b2be8f1d4376a3e78f7be14d95 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2017-6797
https://notcve.org/view.php?id=CVE-2017-6797
A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter. Una vulnerabilidad de XSS en bug_change_status_page.php en MantisBT en versiones anteriores a 1.3.7 y 2.x en versiones anteriores a 2.2.1 permite a atacantes remotos inyectar JavaScript arbitrario a través del parámetro 'action_type'. • http://www.mantisbt.org/bugs/view.php?id=22486 http://www.openwall.com/lists/oss-security/2017/03/10/1 http://www.securityfocus.com/bid/96818 http://www.securitytracker.com/id/1037978 https://github.com/mantisbt/mantisbt/commit/a2d90ecabf3bcf3aa22ed9dbbecfd3d37902956f https://github.com/mantisbt/mantisbt/commit/c272c3f65da9677e505ff692b1f1e476b3afa56e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •