Vulnerabilities (CVE)

Filtered by vendor Mantis

Filtered by product Mantis

Total 46 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2005-3337	1 Mantis	1 Mantis	2025-04-03	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
CVE-2006-0146	6 John Lim, Mantis, Mediabeez and 3 more	6 Adodb, Mantis, Mediabeez and 3 more	2025-04-03	7.5 HIGH	N/A
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
CVE-2002-1111	1 Mantis	1 Mantis	2025-04-03	5.0 MEDIUM	N/A
print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.
CVE-2004-1730	1 Mantis	1 Mantis	2025-04-03	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.
CVE-2005-3091	1 Mantis	1 Mantis	2025-04-03	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
CVE-2002-1115	1 Mantis	1 Mantis	2025-04-03	5.0 MEDIUM	N/A
Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php.