Shodan
Vulnerabilities
Vulnerable Software
Mantis:  >> Mantis  >> 0.19.0_rc1  Security Vulnerabilities
CVE-2005-4523
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
CVSS Score
5.0
EPSS Score
0.008
Published
2005-12-28
CVE-2005-4238
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
CVSS Score
4.3
EPSS Score
0.042
Published
2005-12-14
CVE-2005-3337
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2005-10-27
CVE-2005-3338
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
CVSS Score
5.0
EPSS Score
0.006
Published
2005-10-27
CVE-2005-3339
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
CVSS Score
7.2
EPSS Score
0.001
Published
2005-10-27
CVE-2005-3090
Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557.
CVSS Score
4.3
EPSS Score
0.003
Published
2005-09-28
CVE-2005-3091
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
CVSS Score
4.3
EPSS Score
0.004
Published
2005-09-28
CVE-2005-2557
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
CVSS Score
4.3
EPSS Score
0.084
Published
2005-09-28
CVE-2005-2556
core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
CVSS Score
7.5
EPSS Score
0.009
Published
2005-08-24
CVE-2004-2666
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
CVSS Score
5.0
EPSS Score
0.003
Published
2004-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved