Filter
Software
MantisBTMantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty…
8.8
First published (updated )
composer/mantisbt/mantisbtMantisBT Host Header Injection vulnerability
8.3
EPSS
0.04%
First published (updated )
MantisBTAn issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each us…
8.1
First published (updated )
MantisBTLack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unpriv…
7.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MantisBTThe mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check …
7.5
First published (updated )
MantisBTThe mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows …
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MantisBTMantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install…
7.5
First published (updated )
MantisBTAn issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_pa…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MantisBTCAPTCHA bypass vulnerability in MantisBT before 1.2.19.
7.5
First published (updated )
composer/mantisbt/mantisbtMantisBT user account takeover in the signup/reset password process
7.3
EPSS
0.04%
First published (updated )
MantisBTMantisBT LinkedCustomFields Cross-site Scripting vulnerability
6.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/mantisbt/mantisbtMantisBT Cross-site Scripting vulnerability
6.6
EPSS
0.04%
First published (updated )
MantisBTAn issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php all…
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MantisBTMantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier fo…
6.4
First published (updated )
MantisBTThe XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attacke…
6.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.