Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
Max CVSS
5.0
EPSS Score
0.62%
Published
2005-12-28
Updated
2011-03-08
Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.
Max CVSS
4.3
EPSS Score
0.98%
Published
2005-12-28
Updated
2011-03-08
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE.
Max CVSS
5.0
EPSS Score
0.75%
Published
2005-12-28
Updated
2011-03-08
Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php.
Max CVSS
7.5
EPSS Score
1.54%
Published
2005-12-28
Updated
2011-03-08
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
Max CVSS
4.3
EPSS Score
0.53%
Published
2005-12-14
Updated
2011-03-08
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
Max CVSS
4.3
EPSS Score
0.44%
Published
2005-09-28
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557.
Max CVSS
4.3
EPSS Score
0.14%
Published
2005-09-28
Updated
2016-10-18
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
Max CVSS
4.3
EPSS Score
0.51%
Published
2005-09-28
Updated
2017-07-11
core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
Max CVSS
7.5
EPSS Score
0.74%
Published
2005-08-24
Updated
2016-10-18
9 vulnerabilities found