Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Mantis
Angry Yack Logo
Total 46 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-3337 1 Mantis 1 Mantis 2025-04-03 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
CVE-2006-0146 6 John Lim, Mantis, Mediabeez and 3 more 6 Adodb, Mantis, Mediabeez and 3 more 2025-04-03 7.5 HIGH N/A
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
CVE-2002-1111 1 Mantis 1 Mantis 2025-04-03 5.0 MEDIUM N/A
print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.
CVE-2004-1730 1 Mantis 1 Mantis 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.
CVE-2005-3091 1 Mantis 1 Mantis 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
CVE-2002-1115 1 Mantis 1 Mantis 2025-04-03 5.0 MEDIUM N/A
Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php.