Mantis: >> Mantis >> 0.19.0a Security Vulnerabilities
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
CVSS Score
5.0
EPSS Score
0.008
Published
2005-12-28
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
CVSS Score
4.3
EPSS Score
0.042
Published
2005-12-14
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.
CVSS Score
4.3
EPSS Score
0.006
Published
2004-12-31
PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code.
CVSS Score
7.5
EPSS Score
0.01
Published
2004-12-31
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
CVSS Score
5.0
EPSS Score
0.003
Published
2004-12-31
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.
CVSS Score
5.0
EPSS Score
0.043
Published
2004-08-20
Page 2