Filtered by vendor Mantis
Subscribe
Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3331 | 1 Mantis | 1 Mantis | 2025-04-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter. | |||||
| CVE-2007-6611 | 1 Mantis | 1 Mantis | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php. | |||||
| CVE-2006-6515 | 1 Mantis | 1 Mantis | 2025-04-09 | 10.0 HIGH | N/A |
| Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders. | |||||
| CVE-2008-3333 | 1 Mantis | 1 Mantis | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php). | |||||
| CVE-2006-6574 | 1 Mantis | 1 Mantis | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field. | |||||
| CVE-2008-4689 | 1 Mantis | 1 Mantis | 2025-04-09 | 7.5 HIGH | N/A |
| Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions. | |||||
| CVE-2008-4687 | 1 Mantis | 1 Mantis | 2025-04-09 | 9.0 HIGH | N/A |
| manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php. | |||||
| CVE-2008-3332 | 1 Mantis | 1 Mantis | 2025-04-09 | 6.5 MEDIUM | N/A |
| Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter. | |||||
| CVE-2008-4688 | 1 Mantis | 1 Mantis | 2025-04-09 | 5.0 MEDIUM | N/A |
| core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number. | |||||
| CVE-2008-0404 | 1 Mantis | 1 Mantis | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary. | |||||
| CVE-2005-2557 | 3 Debian, Gentoo, Mantis | 3 Debian Linux, Linux, Mantis | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090. | |||||
| CVE-2005-3337 | 1 Mantis | 1 Mantis | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php. | |||||
| CVE-2002-1113 | 1 Mantis | 1 Mantis | 2025-04-03 | 7.5 HIGH | N/A |
| summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code. | |||||
| CVE-2002-1116 | 1 Mantis | 1 Mantis | 2025-04-03 | 7.5 HIGH | N/A |
| The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects. | |||||
| CVE-2005-4523 | 1 Mantis | 1 Mantis | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-4521 | 1 Mantis | 1 Mantis | 2025-04-03 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php. | |||||
| CVE-2006-0840 | 1 Mantis | 1 Mantis | 2025-04-03 | 5.0 MEDIUM | N/A |
| manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519. | |||||
| CVE-2004-1734 | 1 Mantis | 1 Mantis | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-2666 | 1 Mantis | 1 Mantis | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page. | |||||
| CVE-2005-4524 | 1 Mantis | 1 Mantis | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak. | |||||