Shodan
Vulnerabilities
Vulnerable Software
Mantisbt:  >> Mantisbt  >> 1.3.17  Security Vulnerabilities
CVE-2020-16266
An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CSP settings allow it).
CVSS Score
5.4
EPSS Score
0.003
Published
2020-08-12
CVE-2019-15539
The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page.
CVSS Score
6.1
EPSS Score
0.005
Published
2020-03-19
CVE-2019-15715
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
CVSS Score
7.2
EPSS Score
0.226
Published
2019-10-09
CVE-2018-6526
view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-02-02
CVE-2017-7615
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
CVSS Score
8.8
EPSS Score
0.927
Published
2017-04-16
CVE-2017-7222
A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php).
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-22
CVE-2017-6799
A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter.
CVSS Score
6.1
EPSS Score
0.007
Published
2017-03-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved