CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Mantisbt: >> Mantisbt >> 2.0.0 Security Vulnerabilities

CVE-2017-6797

A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter.

CVSS Score

6.1

EPSS Score

0.008

Published

2017-03-10

CVE-2016-7111

MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

CVSS Score

4.7

EPSS Score

0.003

Published

2017-02-17

CVE-2016-6837

Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'view_type' parameter.

CVSS Score

6.1

EPSS Score

0.009

Published

2017-01-10

Page 5

Vulnerabilities

Vulnerable Software

Mantisbt: >> Mantisbt >> 2.0.0 Security Vulnerabilities

Products

Pricing

Contact Us