| CVE-2017-7615 |
high |
8.8 |
9.8 |
|
|
|
9y ago |
MantisBT allows arbitrary password reset |
| CVE-2026-44657 |
high |
— |
8.0 |
|
|
|
25d ago |
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, using show_inline=1 parameter and a valid file_show_inline_token CSRF token on file_download.php, an attacker can execu… |
| CVE-2026-44655 |
high |
— |
8.0 |
|
|
|
25d ago |
Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it (which typically requires manager or administrator acces… |
| CVE-2026-42071 |
high |
— |
8.0 |
|
|
|
25d ago |
Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user (REPORTER+) to… |
| CVE-2026-40607 |
high |
— |
8.0 |
|
|
|
25d ago |
MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column |
| CVE-2026-40597 |
high |
— |
8.0 |
|
|
|
25d ago |
MantisBT has a Content Security Policy bypass via attachments |
| CVE-2026-40596 |
high |
— |
8.0 |
|
|
|
25d ago |
MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference |
| CVE-2026-34463 |
high |
— |
8.0 |
|
|
|
25d ago |
MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form |
