Show filters
20 Total Results
Displaying 1-10 of 20
Sort by:
Attacker Value
Unknown

CVE-2008-3331

Disclosure Date: July 27, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
0
Attacker Value
Unknown

CVE-2008-3332

Disclosure Date: July 27, 2008 (last updated October 04, 2023)
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
0
Attacker Value
Unknown

CVE-2008-3333

Disclosure Date: July 27, 2008 (last updated October 04, 2023)
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
0
Attacker Value
Unknown

CVE-2008-0404

Disclosure Date: January 23, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.
0
Attacker Value
Unknown

CVE-2006-6574

Disclosure Date: December 15, 2006 (last updated October 04, 2023)
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
0
Attacker Value
Unknown

CVE-2006-6515

Disclosure Date: December 14, 2006 (last updated October 04, 2023)
Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders.
0
Attacker Value
Unknown

CVE-2006-1577

Disclosure Date: April 02, 2006 (last updated February 22, 2025)
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.
0
Attacker Value
Unknown

CVE-2006-0841

Disclosure Date: February 22, 2006 (last updated February 22, 2025)
Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.
0
Attacker Value
Unknown

CVE-2006-0840

Disclosure Date: February 22, 2006 (last updated February 22, 2025)
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
0
Attacker Value
Unknown

CVE-2006-0664

Disclosure Date: February 13, 2006 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
0