Vulnerabilities (CVE)

Filtered by vendor Mantis Subscribe

Filtered by product Mantis

Total 46 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2002-1113	1 Mantis	1 Mantis	2025-04-03	7.5 HIGH	N/A
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.
CVE-2005-3090	1 Mantis	1 Mantis	2025-04-03	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557.
CVE-2005-3339	1 Mantis	1 Mantis	2025-04-03	7.2 HIGH	N/A
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
CVE-2005-2557	3 Debian, Gentoo, Mantis	3 Debian Linux, Linux, Mantis	2025-04-03	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
CVE-2005-3337	1 Mantis	1 Mantis	2025-04-03	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
CVE-2006-0664	1 Mantis	1 Mantis	2025-04-03	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.