Mantisbt: >> Mantisbt >> 1.3.12 Security Vulnerabilities
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
CVSS Score
8.8
EPSS Score
0.932
Published
2017-04-16
A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php).
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-22
A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter.
CVSS Score
6.1
EPSS Score
0.007
Published
2017-03-10
Page 4