CVEDB API

Vulnerabilities

Vulnerable Software

Mantis: Security Vulnerabilities

CVE-2005-4521

CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php.

CVSS Score

5.0

EPSS Score

0.01

Published

2005-12-28

CVE-2005-4522

Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.

CVSS Score

4.3

EPSS Score

0.013

Published

2005-12-28

CVE-2005-4523

Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.

CVSS Score

5.0

EPSS Score

0.008

Published

2005-12-28

CVE-2005-4524

Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak.

CVSS Score

5.0

EPSS Score

0.005

Published

2005-12-28

CVE-2005-4238

Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.

CVSS Score

4.3

EPSS Score

0.042

Published

2005-12-14

CVE-2005-3335

PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.

CVSS Score

7.5

EPSS Score

0.07

Published

2005-10-27

CVE-2005-3336

SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVSS Score

7.5

EPSS Score

0.013

Published

2005-10-27

CVE-2005-3337

Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.

CVSS Score

4.3

EPSS Score

0.004

Published

2005-10-27

CVE-2005-3338

Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.

CVSS Score

5.0

EPSS Score

0.006

Published

2005-10-27

CVE-2005-3339

Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.

CVSS Score

7.2

EPSS Score

0.001

Published

2005-10-27

Prev Next

Page 3

Vulnerabilities

Vulnerable Software

Mantis: Security Vulnerabilities

Products

Pricing

Contact Us