CVEDB API

Vulnerabilities

Vulnerable Software

Mantis: >> Mantis >> 0.18.3 Security Vulnerabilities

CVE-2005-4523

Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.

CVSS Score

5.0

EPSS Score

0.008

Published

2005-12-28

CVE-2005-4238

Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.

CVSS Score

4.3

EPSS Score

0.042

Published

2005-12-14

CVE-2005-3091

Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".

CVSS Score

4.3

EPSS Score

0.004

Published

2005-09-28

CVE-2004-2666

Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.

CVSS Score

5.0

EPSS Score

0.003

Published

2004-12-31

Page 2

Vulnerabilities

Vulnerable Software

Mantis: >> Mantis >> 0.18.3 Security Vulnerabilities

Products

Pricing

Contact Us