mantisbt/mantisbt Security Advisories for 2.25.4 (28)
[HIGH] MantisBT Vulnerable to Stored XSS in File Download
PKSA-2yw5-k1t7-1bg1 CVE-2026-44657 GHSA-p6fr-rxq7-xcg8
Affected version: <=2.28.1
[HIGH] MantisBT has Stored XSS on Move Attachments Admin Page
PKSA-x2q4-xdvd-5bhg CVE-2026-44655 GHSA-7mqj-8gj2-cg59
Affected version: >=1.3.0,<=2.28.1
[HIGH] MantisBT has a Private Bugnote Attachment Content Leak via REST API
PKSA-d3fh-4w7k-rvy1 CVE-2026-42071 GHSA-pw5x-2mf9-3xc8
Affected version: >=2.23.0,<=2.28.1
[MEDIUM] MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API
PKSA-67ww-bjf6-fqgz CVE-2026-42070 GHSA-pq86-j2c2-47f6
Affected version: <=2.28.1
[MEDIUM] MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field
PKSA-p4dp-frh9-2khv CVE-2026-41897 GHSA-j7v9-f46r-2rp4
Affected version: >=1.0.0,<2.28.2
[HIGH] MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column
PKSA-j9zz-q8wb-jgsg CVE-2026-40607 GHSA-f633-865q-2mhh
Affected version: >=2.1.0,<=2.28.1
[MEDIUM] MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page
PKSA-gycx-g1kn-1tnd CVE-2026-40598 GHSA-6jh4-47v2-4g37
Affected version: <=2.28.1
[HIGH] MantisBT has a Content Security Policy bypass via attachments
PKSA-vmj5-ycv9-cm2v CVE-2026-40597 GHSA-9c3j-xm6v-j7j3
Affected version: <=2.28.1
[HIGH] MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference
PKSA-gt1y-4mwq-1fky CVE-2026-40596 GHSA-j3v9-553h-x28j
Affected version: >=2.11.0,<=2.28.1
[MEDIUM] MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values
PKSA-vqsr-dxg3-8yzy CVE-2026-39960 GHSA-qj6w-v29q-4rgx
Affected version: <=2.28.1
[MEDIUM] MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked
PKSA-r5kj-njzm-rsnd CVE-2026-34970 GHSA-crmx-4p49-46m2
Affected version: <=2.28.1
[MEDIUM] MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API
PKSA-vg9w-dq6n-8d9w CVE-2026-34754 GHSA-h4x5-gvx6-3rwc
Affected version: <=2.28.1
[MEDIUM] MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue
PKSA-mqx4-yq62-zbx3 CVE-2026-34744 GHSA-rmp5-5jj7-gmvf
Affected version: <=2.28.1
[HIGH] MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form
PKSA-fybf-x73k-s1x5 CVE-2026-34463 GHSA-fvjf-68wh-rwp2
Affected version: <=2.28.1
[MEDIUM] MantisBT Vulnerable to Privilege Escalation from Manager to Administrator
PKSA-9b5m-7bg5-xjqr CVE-2026-34390 GHSA-frf7-jhp9-jxm6
Affected version: <=2.28.1
[CRITICAL] MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL
PKSA-cwyv-kt56-ndf5 CVE-2026-30849 GHSA-phrq-pc6r-f6gh
Affected version: <2.28.1
[MEDIUM] MantisBT unauthorized disclosure of private project column configuration
PKSA-h3h3-9cvh-htmg CVE-2025-62520 GHSA-g582-8vwr-68h2
Affected version: <2.27.2
[MEDIUM] MantisBT lacks verification when changing a user's email address
PKSA-983m-gpx4-ywx3 CVE-2025-55155 GHSA-q747-c74m-69pr
Affected version: <2.27.2
[MEDIUM] MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length
PKSA-r8rw-8k4b-bvgz CVE-2025-46556 GHSA-r3jf-hm7q-qfw5
Affected version: <2.27.2
[HIGH] MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling
PKSA-gxs3-7yhj-kxf3 CVE-2025-47776 GHSA-4v8w-gg5j-ph37
Affected version: <2.27.2
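The "PHP type juggling" in the CVE-2025-47776 title refers to PHP's loose (`==`) string comparison, which treats two strings of the form `0e<digits>` as the number zero and therefore as equal. The snippet below is an added illustration of that pitfall, not MantisBT's authentication code (the listing gives no details of the project's implementation); the function names are hypothetical and the two MD5 digests are well-known examples of hex hashes that look numeric.

```php
<?php
// Added example: PHP loose comparison of hash strings ("type juggling").
// This is not MantisBT code; check_password_loose/check_password_strict are
// hypothetical names and the sample digests are constructed for the demo.

// Two different MD5 hex digests that both have the shape "0e<digits>".
// Under ==, PHP parses each as a numeric string in scientific notation (0 * 10^n)
// and compares them as floats, so they compare equal despite differing bytes.
$storedHash   = '0e462097431906509019562988736854'; // md5("240610708")
$suppliedHash = '0e830400451993494058024219903391'; // md5("QNKCDZO")

// Vulnerable pattern: loose comparison of the stored and supplied hashes.
// Any password whose hash happens to be "0e<digits>" would be accepted for a
// stored hash of the same shape, even though the passwords differ.
function check_password_loose(string $stored, string $supplied): bool {
    return $stored == $supplied;
}

// Hardened pattern: byte-for-byte, constant-time comparison. No numeric
// coercion takes place, and timing does not leak where the mismatch occurs.
function check_password_strict(string $stored, string $supplied): bool {
    return hash_equals($stored, $supplied);
}

// A stricter (===) comparison would also avoid the coercion, but hash_equals
// additionally removes the timing side channel of a short-circuiting compare.
var_dump(check_password_loose($storedHash, $suppliedHash));
var_dump(check_password_strict($storedHash, $suppliedHash));
```

For the two constructed digests above, the loose check returns true while the strict check returns false. The practical takeaway matches the advisory's severity: an attacker does not need the victim's password, only any input whose hash has the `0e<digits>` shape, and such inputs are easy to find for MD5.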
[MEDIUM] MantisBT vulnerable to information disclosure with user profiles
PKSA-9rc9-dxmv-6ty7 CVE-2024-45792 GHSA-h5q3-fjp4-2x7r
Affected version: <=2.26.3
[MEDIUM] Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting
PKSA-s5w7-qrwt-4ggd CVE-2024-34081 GHSA-wgx7-jp56-65mq
Affected version: <2.26.2
[MEDIUM] MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
PKSA-sqwp-pr85-66jc CVE-2024-34080 GHSA-99jc-wqmr-ff2q
Affected version: <2.26.2
[HIGH] Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process
PKSA-vn99-1c14-x82z CVE-2024-34077 GHSA-93x3-m7pw-ppqm
Affected version: <=2.26.1
[HIGH] MantisBT Host Header Injection vulnerability
PKSA-h79w-zb4t-bjtf CVE-2024-23830 GHSA-mcqj-7p29-9528
Affected version: <2.26.1
[MEDIUM] MantisBT may disclose project names to unauthorized users
PKSA-v5jj-zbts-m2nv CVE-2023-44394 GHSA-v642-mh27-8j6m
Affected version: <=2.25.7
[MEDIUM] MantisBT may expose private issues' summaries to unauthorized users
PKSA-dj4p-kydz-sr1n CVE-2023-22476 GHSA-hf4x-6h87-hm79
Affected version: <=2.25.5
[MEDIUM] MantisBT XSS through crafted SVG documents in file_download.php
PKSA-4vhk-bvmc-ws85 CVE-2022-33910 GHSA-qghg-v7xv-q98q
Affected version: <2.25.5