CVEDB API

Vulnerabilities

Vulnerable Software

Mantisbt: >> Mantisbt >> 1.3.0 Security Vulnerabilities

CVE-2016-7111

MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

CVSS Score

4.7

EPSS Score

0.003

Published

2017-02-17

CVE-2016-6837

Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'view_type' parameter.

CVSS Score

6.1

EPSS Score

0.009

Published

2017-01-10

CVE-2014-9759

Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request.

CVSS Score

5.3

EPSS Score

0.003

Published

2016-04-11

CVE-2014-9573

SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.

CVSS Score

6.0

EPSS Score

0.004

Published

2015-01-26

CVE-2014-9572

MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4.

CVSS Score

7.5

EPSS Score

0.009

Published

2015-01-26

CVE-2014-9571

Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter.

CVSS Score

4.3

EPSS Score

0.004

Published

2015-01-26

Page 5

Vulnerabilities

Vulnerable Software

Mantisbt: >> Mantisbt >> 1.3.0 Security Vulnerabilities

Products

Pricing

Contact Us