mantisbt/mantisbt Security Advisories (11)
-
[MEDIUM] MantisBT vulnerable to information disclosure with user profiles
PKSA-9rc9-dxmv-6ty7 CVE-2024-45792 GHSA-h5q3-fjp4-2x7r
Affected version: <=2.26.3
Reported by:
GitHub -
[MEDIUM] Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting
PKSA-s5w7-qrwt-4ggd CVE-2024-34081 GHSA-wgx7-jp56-65mq
Affected version: <2.26.2
Reported by:
GitHub -
[MEDIUM] MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
PKSA-sqwp-pr85-66jc CVE-2024-34080 GHSA-99jc-wqmr-ff2q
Affected version: <2.26.2
Reported by:
GitHub -
[HIGH] Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process
PKSA-vn99-1c14-x82z CVE-2024-34077 GHSA-93x3-m7pw-ppqm
Affected version: <=2.26.1
Reported by:
GitHub -
[HIGH] MantisBT Host Header Injection vulnerability
PKSA-h79w-zb4t-bjtf CVE-2024-23830 GHSA-mcqj-7p29-9528
Affected version: <2.26.1
Reported by:
GitHub -
[MEDIUM] MantisBT may disclose project names to unauthorized users
PKSA-v5jj-zbts-m2nv CVE-2023-44394 GHSA-v642-mh27-8j6m
Affected version: <=2.25.7
Reported by:
GitHub -
[MEDIUM] MantisBT may expose private issues' summaries to unauthorized users
PKSA-dj4p-kydz-sr1n CVE-2023-22476 GHSA-hf4x-6h87-hm79
Affected version: <=2.25.5
Reported by:
GitHub -
[MEDIUM] MantisBT HTML Injection vulnerability
PKSA-npkm-62tx-y9yj CVE-2020-25830 GHSA-2pm7-q8pc-xhvq
Affected version: <2.24.3
Reported by:
GitHub -
[MEDIUM] MantisBT vulnerable to CSRF and Open Redirect attacks
PKSA-vzxc-scpg-d56v CVE-2017-7620 GHSA-9x76-mp7r-2xc5
Affected version: >=2.4.0,<2.4.1|>=2.0.0,<2.3.3|<1.3.11
Reported by:
GitHub -
[LOW] MantisBT Cross-site Scripting vulnerability
PKSA-zjxq-cctn-qfz3 CVE-2010-2574 GHSA-74x7-mfvg-h2wf
Affected version: <=1.2.2
Reported by:
GitHub -
[HIGH] MantisBT allows arbitrary password reset
PKSA-g674-s94j-gf23 CVE-2017-7615 GHSA-252r-f55f-ff34
Affected version: >=2.3.0,<2.3.1|>=2.0.0,<2.2.4|>=1.3.0-rc.2,<1.3.10
Reported by:
GitHub