| CVE-2017-7620 | medium | 6.5 | 7.5 | | | | 9y ago | MantisBT vulnerable to CSRF and Open Redirect attacks |
| CVE-2017-12062 | medium | 6.1 | 6.1 | | | | 9y ago | MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php |
| CVE-2017-12061 | medium | 6.1 | 6.1 | | | | 9y ago | MantisBT XSS allows unsanitized input via admin/install.php |
| CVE-2017-7897 | medium | 6.1 | 6.1 | | | | 9y ago | MantisBT XSS via my_view_page.php and view_user_page.php |
| CVE-2026-42070 | medium | — | 5.5 | | | | 24d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default setti… |
| CVE-2026-41897 | medium | — | 5.5 | | | | 24d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issu… |
| CVE-2026-40598 | medium | — | 5.5 | | | | 24d ago | MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page |
| CVE-2026-34970 | medium | — | 5.5 | | | | 24d ago | MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked |
| CVE-2026-34744 | medium | — | 5.5 | | | | 24d ago | MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue |
| CVE-2026-34579 | medium | — | 5.5 | | | | 24d ago | MantisBT has an authorization bypass in private issue monitoring |
| CVE-2026-34390 | medium | — | 5.5 | | | | 24d ago | MantisBT Vulnerable to Privilege Escalation from Manager to Administrator |
| CVE-2026-33052 | medium | — | 5.5 | | | | 24d ago | MantisBT Has Authorization Bypass in Global Profile Creation |
| CVE-2026-39960 | medium | 5.4 | 5.4 | | | | 24d ago | MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values |
| CVE-2017-7309 | medium | 4.8 | 4.8 | | | | 9y ago | MantisBT vulnerable to XSS through config_option parameter in adm_config_report.php |
| CVE-2017-7241 | medium | 4.8 | 4.8 | | | | 9y ago | MantisBT XSS via move_attachments_page.php |
| CVE-2017-6973 | medium | 4.8 | 4.8 | | | | 9y ago | MantisBT XSS via adm_config_report.php's action parameter |
| CVE-2016-7111 | medium | 4.7 | 4.7 | | | | 9y ago | MantisBT XSS through weak CSP when using Gravatar plugin |
| CVE-2026-34754 | medium | 4.3 | 4.3 | | | | 24d ago | MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API |
| CVE-2010-2574 | low | — | 2.1 | | | | 16y ago | MantisBT Cross-site Scripting vulnerability |