Mantis 0.19.3 Security Vulnerabilities
Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
CVSS Score: 10.0; EPSS Score: 0.004; Published: 2006-02-13
Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php.
CVSS Score: 7.5; EPSS Score: 0.018; Published: 2005-12-28
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
CVSS Score: 5.0; EPSS Score: 0.008; Published: 2005-12-28
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
CVSS Score: 4.3; EPSS Score: 0.042; Published: 2005-12-14
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
CVSS Score: 4.3; EPSS Score: 0.004; Published: 2005-10-27
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
CVSS Score: 5.0; EPSS Score: 0.006; Published: 2005-10-27
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
CVSS Score: 7.2; EPSS Score: 0.001; Published: 2005-10-27

