Security Advisories - mantisbt/mantisbt

mantisbt/mantisbt Security Advisories (48)

[HIGH] MantisBT has Stored HTML Injection/XSS when displaying Tags in Timeline

PKSA-snjj-r5pw-fbgn CVE-2026-33548 GHSA-73vx-49mv-v8w5

Affected version: =2.28.0

Reported by:
GitHub
[HIGH] MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation

PKSA-dcyg-8m67-cs7k CVE-2026-33517 GHSA-fh48-f69w-7vmp

Affected version: =2.28.0

Reported by:
GitHub
[CRITICAL] MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL

PKSA-cwyv-kt56-ndf5 CVE-2026-30849 GHSA-phrq-pc6r-f6gh

Affected version: <2.28.1

Reported by:
GitHub
[MEDIUM] MantisBT unauthorized disclosure of private project column configuration

PKSA-h3h3-9cvh-htmg CVE-2025-62520 GHSA-g582-8vwr-68h2

Affected version: <2.27.2

Reported by:
GitHub
[MEDIUM] MantisBT lacks verification when changing a user's email address

PKSA-983m-gpx4-ywx3 CVE-2025-55155 GHSA-q747-c74m-69pr

Affected version: <2.27.2

Reported by:
GitHub
[MEDIUM] MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length

PKSA-r8rw-8k4b-bvgz CVE-2025-46556 GHSA-r3jf-hm7q-qfw5

Affected version: <2.27.2

Reported by:
GitHub
[HIGH] MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling

PKSA-gxs3-7yhj-kxf3 CVE-2025-47776 GHSA-4v8w-gg5j-ph37

Affected version: <2.27.2

Reported by:
GitHub
[MEDIUM] MantisBT vulnerable to information disclosure with user profiles

PKSA-9rc9-dxmv-6ty7 CVE-2024-45792 GHSA-h5q3-fjp4-2x7r

Affected version: <=2.26.3

Reported by:
GitHub
[MEDIUM] Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting

PKSA-s5w7-qrwt-4ggd CVE-2024-34081 GHSA-wgx7-jp56-65mq

Affected version: <2.26.2

Reported by:
GitHub
[MEDIUM] MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

PKSA-sqwp-pr85-66jc CVE-2024-34080 GHSA-99jc-wqmr-ff2q

Affected version: <2.26.2

Reported by:
GitHub
[HIGH] Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process

PKSA-vn99-1c14-x82z CVE-2024-34077 GHSA-93x3-m7pw-ppqm

Affected version: <=2.26.1

Reported by:
GitHub
[HIGH] MantisBT Host Header Injection vulnerability

PKSA-h79w-zb4t-bjtf CVE-2024-23830 GHSA-mcqj-7p29-9528

Affected version: <2.26.1

Reported by:
GitHub
[MEDIUM] MantisBT may disclose project names to unauthorized users

PKSA-v5jj-zbts-m2nv CVE-2023-44394 GHSA-v642-mh27-8j6m

Affected version: <=2.25.7

Reported by:
GitHub
[MEDIUM] MantisBT may expose private issues' summaries to unauthorized users

PKSA-dj4p-kydz-sr1n CVE-2023-22476 GHSA-hf4x-6h87-hm79

Affected version: <=2.25.5

Reported by:
GitHub
[MEDIUM] MantisBT XSS through crafted SVG documents in file_download.php

PKSA-4vhk-bvmc-ws85 CVE-2022-33910 GHSA-qghg-v7xv-q98q

Affected version: <2.25.5

Reported by:
GitHub
[MEDIUM] MantisBT allows XSS in manage_custom_field_edit_page.php

PKSA-db2k-fbvq-zkwt CVE-2021-33557 GHSA-52cx-vphc-jmjm

Affected version: <=2.25.1

Reported by:
GitHub
[MEDIUM] MantisBT XSS in manage_custom_field_update.php

PKSA-3369-tnqk-b63p CVE-2020-35571 GHSA-cvrm-cr3m-qj92

Affected version: <=2.24.5

Reported by:
GitHub
[MEDIUM] MantisBT Insecure Storage in manage_proj_edit_page.php

PKSA-h55j-9sr9-tms2 CVE-2020-29603 GHSA-qpj5-f88q-x7px

Affected version: <2.24.4

Reported by:
GitHub
[MEDIUM] MantisBT Incorrect Authorization in bug_actiongroup_page.php

PKSA-q6mz-3mgn-h2jn CVE-2020-29605 GHSA-pgg9-mmcg-8mxp

Affected version: <2.24.4

Reported by:
GitHub
[MEDIUM] MantisBT Missing Authorization access check in bug_actiongroup.php

PKSA-5kvg-vtwr-36w9 CVE-2020-29604 GHSA-f38c-wxp6-8xjv

Affected version: <2.24.4

Reported by:
GitHub
[HIGH] MantisBT Incorrect Authorization for bug_revision_view_page.php check

PKSA-v1ky-5hzd-xnnv CVE-2020-35849 GHSA-7j8m-fm49-xgmg

Affected version: <=2.24.3

Reported by:
GitHub
[MEDIUM] MantisBT SQL Injection via mc_project_get_users function

PKSA-hcc7-ghdp-n96c CVE-2020-28413 GHSA-49w9-82cj-xr48

Affected version: <=2.24.3

Reported by:
GitHub
[MEDIUM] MantisBT unauthorized users able to access private files

PKSA-z1yw-jjvh-1vjz CVE-2020-25781 GHSA-xjmx-cprh-646r

Affected version: <2.24.3

Reported by:
GitHub
[MEDIUM] MantisBT HTML Injection vulnerability

PKSA-npkm-62tx-y9yj CVE-2020-25830 GHSA-2pm7-q8pc-xhvq

Affected version: <2.24.3

Reported by:
GitHub
[MEDIUM] MantisBT XXS where a Custom Field with a crafted Regular Expression property is used

PKSA-wgv3-hzy8-1dcy CVE-2020-25288 GHSA-qgrr-f26j-87vf

Affected version: >=2.23.0,<2.24.3

Reported by:
GitHub
[MEDIUM] MantisBT XSS issue on the view_all_bug_page.php

PKSA-vrvq-4npk-d9fr CVE-2020-16266 GHSA-4rrc-5vp6-m3f6

Affected version: >=2.1.0,<=2.24.1

Reported by:
GitHub
[MEDIUM] MantisBT XSS when uploading an attachment

PKSA-srf3-2rxv-55nf CVE-2019-15539 GHSA-p495-jrpq-p66g

Affected version: <2.21.3

Reported by:
GitHub
[HIGH] MantisBT Remote Code Execution

PKSA-3qzp-r9gn-kn2n CVE-2019-15715 GHSA-v23g-wjvq-2fpf

Affected version: >=2.0.0,<2.22.1|<1.3.20

Reported by:
GitHub
[MEDIUM] MantisBT allows cross-site scripting (XSS) via crafted filename

PKSA-t8wp-pwhj-pycz CVE-2019-15074 GHSA-gg4j-279j-22ph

Affected version: <2.21.2

Reported by:
GitHub
[MEDIUM] MantisBT cross-site scripting (XSS) vulnerability through crafted PATH_INFO

PKSA-pww2-64c1-ygv6 CVE-2018-16514 GHSA-3qv7-98vm-xx2v

Affected version: >=2.1.0,<=2.17.0

Reported by:
GitHub
[MEDIUM] MantisBT XSS through weak CSP when using Gravatar plugin

PKSA-hbgw-6kfd-yvsm CVE-2016-7111 GHSA-8vx9-hcvq-gfv8

Affected version: =2.0.0-beta.1|<=1.3.0

Reported by:
GitHub
[MEDIUM] MantisBT vulnerable to CSRF and Open Redirect attacks

PKSA-vzxc-scpg-d56v CVE-2017-7620 GHSA-9x76-mp7r-2xc5

Affected version: >=2.4.0,<2.4.1|>=2.0.0,<2.3.3|<1.3.11

Reported by:
GitHub
[MEDIUM] MantisBT XSS via my_view_page.php and view_user_page.php

PKSA-6jq2-5wz7-nk7m CVE-2017-7897 GHSA-8r2m-qhff-jm2c

Affected version: >=2.3.0,<2.3.2

Reported by:
GitHub
[MEDIUM] MantisBT XSS via adm_config_report.php's action parameter

PKSA-jhf5-zpwn-9fxv CVE-2017-6973 GHSA-v7qf-22rw-chph

Affected version: >=2.2.0,<2.2.2|>=2.0.0,<2.1.2|<1.3.8

Reported by:
GitHub
[MEDIUM] MantisBT XSS via move_attachments_page.php

PKSA-f32t-gmk7-tryx CVE-2017-7241 GHSA-x53v-v9xp-gf6g

Affected version: >=2.2.0,<2.2.3|>=2.0.0,<2.1.3|<1.3.9

Reported by:
GitHub
[MEDIUM] MantisBT vulnerable to XSS through config_option parameter in adm_config_report.php

PKSA-gqfr-rmr1-1ny9 CVE-2017-7309 GHSA-4w6c-3hcx-rfj5

Affected version: >=2.2.0,<2.2.3|>=2.1.0,<2.1.3|<1.3.9

Reported by:
GitHub
[MEDIUM] MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php

PKSA-qngb-ngzb-h8pd CVE-2017-12062 GHSA-w93w-rx52-24qh

Affected version: >=2.0.0,<2.5.2

Reported by:
GitHub
[MEDIUM] MantisBT allows XSS on the Edit Filter page via crafted filter name

PKSA-f7dn-qqzp-jcy3 CVE-2018-14504 GHSA-74gh-5j33-vg4w

Affected version: >=2.0.0,<=2.15.0

Reported by:
GitHub
[MEDIUM] MantisBT allows XSS via View Filters page

PKSA-rxy9-sws1-6g27 CVE-2018-13055 GHSA-mjp7-97w4-jwhc

Affected version: >=2.1.0,<2.15.1

Reported by:
GitHub
[LOW] MantisBT Cross-site Scripting vulnerability

PKSA-zjxq-cctn-qfz3 CVE-2010-2574 GHSA-74x7-mfvg-h2wf

Affected version: <=1.2.2

Reported by:
GitHub
[MEDIUM] MantisBT allows XSS via the Manage Filter page

PKSA-xm38-hkqg-mfk8 CVE-2018-17782 GHSA-ggjm-7m5f-7xjv

Affected version: >=2.1.0,<2.17.2

Reported by:
GitHub
[MEDIUM] MantisBT allows XSS via Edit Filter page

PKSA-vf3d-9f8w-jvx8 CVE-2018-17783 GHSA-gcqw-45xq-xc63

Affected version: >=2.1.0,<2.17.2

Reported by:
GitHub
[HIGH] MantisBT allows arbitrary password reset

PKSA-g674-s94j-gf23 CVE-2017-7615 GHSA-252r-f55f-ff34

Affected version: >=2.3.0,<2.3.1|>=2.0.0,<2.2.4|>=1.3.0-rc.2,<1.3.10

Reported by:
GitHub
[MEDIUM] MantisBT XSS allows unsanitized input via admin/install.php

PKSA-jkwp-98ww-jt8z CVE-2017-12061 GHSA-98xr-mmq5-vc5h

Affected version: >=2.0.0,<2.5.2|<=1.3.11

Reported by:
GitHub
[MEDIUM] MantisBT vulnerable to XSS via unescaped output in browser_search_plugin.php

PKSA-q51k-ffgd-45fg CVE-2022-28508 GHSA-wfg2-2wmw-6894

Affected version: <=2.25.2

Reported by:
GitHub
[HIGH] MantisBT Insufficient Session Expiration cookie string not reset after logout

PKSA-45gx-2q1r-69kb CVE-2009-20001 GHSA-jm72-67rm-763j

Affected version: <=2.24.4

Reported by:
GitHub
[HIGH] MantisBT CSV Injection unprivileged user access in csv_export.php

PKSA-666f-jmzg-3cj8 CVE-2021-43257 GHSA-rg8f-5p7x-m6wv

Affected version: <=2.25.2

Reported by:
GitHub
[MEDIUM] MantisBT vulnerable to XSS due to improper escape in manage_plugin_page.php and manage_plugin_uninstall.php

PKSA-9cw5-6275-ghwx CVE-2022-26144 GHSA-rqgj-rqfr-5j6f

Affected version: <=2.25.2

Reported by:
GitHub

mantisbt/mantisbt Security Advisories (48)

[HIGH] MantisBT has Stored HTML Injection/XSS when displaying Tags in Timeline

[HIGH] MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation

[CRITICAL] MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL

[MEDIUM] MantisBT unauthorized disclosure of private project column configuration

[MEDIUM] MantisBT lacks verification when changing a user's email address

[MEDIUM] MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length

[HIGH] MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling

[MEDIUM] MantisBT vulnerable to information disclosure with user profiles

[MEDIUM] Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting

[MEDIUM] MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

[HIGH] Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process

[HIGH] MantisBT Host Header Injection vulnerability

[MEDIUM] MantisBT may disclose project names to unauthorized users

[MEDIUM] MantisBT may expose private issues' summaries to unauthorized users

[MEDIUM] MantisBT XSS through crafted SVG documents in file_download.php

[MEDIUM] MantisBT allows XSS in manage_custom_field_edit_page.php

[MEDIUM] MantisBT XSS in manage_custom_field_update.php

[MEDIUM] MantisBT Insecure Storage in manage_proj_edit_page.php

[MEDIUM] MantisBT Incorrect Authorization in bug_actiongroup_page.php

[MEDIUM] MantisBT Missing Authorization access check in bug_actiongroup.php

[HIGH] MantisBT Incorrect Authorization for bug_revision_view_page.php check

[MEDIUM] MantisBT SQL Injection via mc_project_get_users function

[MEDIUM] MantisBT unauthorized users able to access private files

[MEDIUM] MantisBT HTML Injection vulnerability

[MEDIUM] MantisBT XXS where a Custom Field with a crafted Regular Expression property is used

[MEDIUM] MantisBT XSS issue on the view_all_bug_page.php

[MEDIUM] MantisBT XSS when uploading an attachment

[HIGH] MantisBT Remote Code Execution

[MEDIUM] MantisBT allows cross-site scripting (XSS) via crafted filename

[MEDIUM] MantisBT cross-site scripting (XSS) vulnerability through crafted PATH_INFO

[MEDIUM] MantisBT XSS through weak CSP when using Gravatar plugin

[MEDIUM] MantisBT vulnerable to CSRF and Open Redirect attacks

[MEDIUM] MantisBT XSS via my_view_page.php and view_user_page.php

[MEDIUM] MantisBT XSS via adm_config_report.php's action parameter

[MEDIUM] MantisBT XSS via move_attachments_page.php

[MEDIUM] MantisBT vulnerable to XSS through config_option parameter in adm_config_report.php

[MEDIUM] MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php

[MEDIUM] MantisBT allows XSS on the Edit Filter page via crafted filter name

[MEDIUM] MantisBT allows XSS via View Filters page

[LOW] MantisBT Cross-site Scripting vulnerability

[MEDIUM] MantisBT allows XSS via the Manage Filter page

[MEDIUM] MantisBT allows XSS via Edit Filter page

[HIGH] MantisBT allows arbitrary password reset

[MEDIUM] MantisBT XSS allows unsanitized input via admin/install.php

[MEDIUM] MantisBT vulnerable to XSS via unescaped output in browser_search_plugin.php

[HIGH] MantisBT Insufficient Session Expiration cookie string not reset after logout

[HIGH] MantisBT CSV Injection unprivileged user access in csv_export.php

[MEDIUM] MantisBT vulnerable to XSS due to improper escape in manage_plugin_page.php and manage_plugin_uninstall.php