Shodan
Vulnerabilities
Vulnerable Software
Mantis:  >> Mantis  >> 0.18.0  Security Vulnerabilities
CVE-2008-3331
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
CVSS Score
3.5
EPSS Score
0.007
Published
2008-07-27
CVE-2008-3332
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
CVSS Score
6.5
EPSS Score
0.083
Published
2008-07-27
CVE-2008-3333
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
CVSS Score
7.5
EPSS Score
0.004
Published
2008-07-27
CVE-2008-0404
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.
CVSS Score
4.3
EPSS Score
0.007
Published
2008-01-23
CVE-2006-0840
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
CVSS Score
5.0
EPSS Score
0.017
Published
2006-02-22
CVE-2006-0841
Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.
CVSS Score
4.3
EPSS Score
0.12
Published
2006-02-22
CVE-2005-4518
Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php.
CVSS Score
7.5
EPSS Score
0.014
Published
2005-12-28
CVE-2005-3091
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
CVSS Score
4.3
EPSS Score
0.004
Published
2005-09-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved