Information on source package mantis

Available versions

| Release | Version |
|---|---|
| squeeze (security) | 1.1.8+dfsg-10squeeze2 |
| wheezy | 1.2.11-1.2+deb7u1 |
| wheezy (security) | 1.2.18-1 |

Open issues

| Bug | squeeze | wheezy | Description |
|---|---|---|---|
| CVE-2015-5059 | vulnerable | vulnerable (no DSA) | Information disclosure |
| CVE-2015-2046 | vulnerable | vulnerable (no DSA) | XSS, incomplete fix for CVE-2014-8986 |
| CVE-2015-1042 | fixed | vulnerable (no DSA) | The string_sanitize_url function in core/string_api.php in MantisBT ... |
| CVE-2014-9701 | vulnerable | vulnerable (no DSA) | XSS issue in MantisBT permalink_page.php |
| CVE-2014-9624 | vulnerable | vulnerable (no DSA) | CAPTCHA bypass |
| CVE-2014-9573 | vulnerable | vulnerable (no DSA) | SQL injection vulnerability in manage_user_page.php in MantisBT before ... |
| CVE-2014-9572 | vulnerable | vulnerable (no DSA) | MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly ... |
| CVE-2014-9571 | vulnerable | vulnerable (no DSA) | Cross-site scripting (XSS) vulnerability in admin/install.php in ... |
| CVE-2014-9506 | vulnerable | fixed | MantisBT before 1.2.18 does not properly check permissions when ... |
| CVE-2014-9388 | vulnerable | fixed | bug_report.php in MantisBT before 1.2.18 allows remote attackers to ... |
| CVE-2014-9281 | vulnerable | fixed | Cross-site scripting (XSS) vulnerability in admin/copy_field.php in ... |
| CVE-2014-9280 | vulnerable | fixed | The current_user_get_bug_filter function in core/current_user_api.php ... |
| CVE-2014-9279 | vulnerable | vulnerable | The print_test_result function in admin/upgrade_unattended.php in ... |
| CVE-2014-9272 | vulnerable | fixed | The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x ... |
| CVE-2014-9271 | vulnerable | fixed | Cross-site scripting (XSS) vulnerability in file_download.php in ... |
| CVE-2014-9270 | vulnerable | fixed | Cross-site scripting (XSS) vulnerability in the ... |
| CVE-2014-9269 | vulnerable | fixed | Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT ... |
| CVE-2014-9117 | vulnerable | fixed | MantisBT before 1.2.18 uses the public_key parameter value as the key ... |
| CVE-2014-9089 | vulnerable | fixed | Multiple SQL injection vulnerabilities in view_all_bug_page.php in ... |
| CVE-2014-8988 | vulnerable | fixed | MantisBT before 1.2.18 allows remote authenticated users to bypass the ... |
| CVE-2014-8986 | vulnerable | fixed | Cross-site scripting (XSS) vulnerability in the selection list in the ... |
| CVE-2014-8598 | vulnerable | fixed | The XML Import/Export plugin in MantisBT 1.2.x does not restrict ... |
| CVE-2014-8554 | vulnerable | fixed | SQL injection vulnerability in the mc_project_get_attachments function ... |
| CVE-2014-8553 | vulnerable | fixed | The mci_account_get_array_by_id function in ... |
| CVE-2014-7146 | vulnerable | fixed | The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows ... |
| CVE-2014-6387 | vulnerable | fixed | gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to ... |
| CVE-2014-6316 | vulnerable | fixed | core/string_api.php in MantisBT before 1.2.18 does not properly ... |
| CVE-2014-2238 | vulnerable | fixed | SQL injection vulnerability in the manage configuration page ... |
| CVE-2014-1609 | vulnerable | fixed | Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow ... |
| CVE-2014-1608 | vulnerable | fixed | SQL injection vulnerability in the mci_file_get function in ... |
| CVE-2013-4460 | vulnerable | fixed | Cross-site scripting (XSS) vulnerability in account_sponsor_page.php ... |
| CVE-2013-1934 | vulnerable | fixed | mantis: XSS issue in adm_config_report.php when displaying complex value |
| CVE-2013-1811 | vulnerable | fixed | Reporter can change issue status to 'new' |
| CVE-2012-5523 | vulnerable | fixed | core/email_api.php in MantisBT before 1.2.12 does not properly manage ... |
| CVE-2012-5522 | vulnerable | fixed | MantisBT before 1.2.12 does not use an expected default value during ... |

Resolved issues

| Bug | Description |
|---|---|
| TEMP-0425010-42F27C | mantis: information leak |
| TEMP-0000000-B14A9D | mantis multiple issues |
| TEMP-0000000-6C56E3 | mantis multiple issues fixed in 1.0.7 |
| CVE-2014-8987 | Cross-site scripting (XSS) vulnerability in the "set configuration" ... |
| CVE-2013-1932 | mantis: XSS vulnerability on Configuration Report page |
| CVE-2013-1931 | mantis: XSS vulnerability when deleting a version |
| CVE-2013-1930 | mantis: Close button available to users despite workflow restrictions |
| CVE-2013-1883 | Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote ... |
| CVE-2013-1810 | Multiple cross-site scripting (XSS) vulnerabilities in ... |
| CVE-2013-0197 | Cross-site scripting (XSS) vulnerability in the ... |
| CVE-2012-2692 | MantisBT before 1.2.11 does not check the delete_attachments_threshold ... |
| CVE-2012-2691 | The mc_issue_note_update function in the SOAP API in MantisBT before ... |
| CVE-2012-1123 | The mci_check_login function in api/soap/mc_api.php in the SOAP API in ... |
| CVE-2012-1122 | bug_actiongroup.php in MantisBT before 1.2.9 does not properly check ... |
| CVE-2012-1121 | MantisBT before 1.2.9 does not properly check permissions, which ... |
| CVE-2012-1120 | The SOAP API in MantisBT before 1.2.9 does not properly enforce the ... |
| CVE-2012-1119 | MantisBT before 1.2.9 does not audit when users copy or clone a bug ... |
| CVE-2012-1118 | The access_has_bug_level function in core/access_api.php in MantisBT ... |
| CVE-2011-3578 | Cross-site scripting (XSS) vulnerability in ... |
| CVE-2011-3358 | Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ... |
| CVE-2011-3357 | Directory traversal vulnerability in bug_actiongroup_ext_page.php in ... |
| CVE-2011-3356 | Multiple cross-site scripting (XSS) vulnerabilities in ... |
| CVE-2011-2938 | Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php ... |
| CVE-2010-4350 | Directory traversal vulnerability in admin/upgrade_unattended.php in ... |
| CVE-2010-4349 | admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote ... |
| CVE-2010-4348 | Cross-site scripting (XSS) vulnerability in ... |
| CVE-2010-3763 | Cross-site scripting (XSS) vulnerability in core/summary_api.php in ... |
| CVE-2010-3303 | Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ... |
| CVE-2010-2802 | Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 ... |
| CVE-2010-2574 | Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in ... |
| CVE-2009-2802 | |
| CVE-2008-4689 | Mantis before 1.1.3 does not unset the session cookie during logout, ... |
| CVE-2008-4688 | core/string_api.php in Mantis before 1.1.3 does not check the ... |
| CVE-2008-4687 | manage_proj_page.php in Mantis before 1.1.4 allows remote ... |
| CVE-2008-3333 | Directory traversal vulnerability in core/lang_api.php in Mantis ... |
| CVE-2008-3332 | Eval injection vulnerability in adm_config_set.php in Mantis before ... |
| CVE-2008-3331 | Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php ... |
| CVE-2008-3102 | Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the ... |
| CVE-2008-2276 | Cross-site request forgery (CSRF) vulnerability in ... |
| CVE-2008-0404 | Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows ... |
| CVE-2007-6611 | Cross-site scripting (XSS) vulnerability in view.php in Mantis before ... |
| CVE-2007-2383 | The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ... |
| CVE-2006-6574 | Mantis before 1.1.0a2 does not implement per-item access control for ... |
| CVE-2006-6515 | Mantis before 1.1.0a2 sets the default value of ... |
| CVE-2006-1577 | Multiple cross-site scripting (XSS) vulnerabilities in ... |
| CVE-2006-0841 | Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 ... |
| CVE-2006-0840 | manage_user_page.php in Mantis 1.00rc4 and earlier does not properly ... |
| CVE-2006-0665 | Unspecified vulnerability in (1) query_store.php and (2) ... |
| CVE-2006-0664 | Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in ... |
| CVE-2005-4524 | Mantis 1.0.0rc3 does not properly handle "Make note private" when a ... |
| CVE-2005-4523 | Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS ... |
| CVE-2005-4522 | Multiple cross-site scripting (XSS) vulnerabilities in the ... |
| CVE-2005-4521 | CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows ... |
| CVE-2005-4520 | Unspecified "port injection" vulnerabilities in filters in Mantis ... |
| CVE-2005-4519 | Multiple SQL injection vulnerabilities in the manage user page ... |
| CVE-2005-4518 | Mantis before 0.19.4 allows remote attackers to bypass the file upload ... |
| CVE-2005-4238 | Cross-site scripting (XSS) vulnerability in view_filters_page.php in ... |
| CVE-2005-3339 | Mantis before 0.19.3 caches the User ID longer than necessary, which ... |
| CVE-2005-3338 | Unspecified vulnerability in Mantis before 0.19.3, when using ... |
| CVE-2005-3336 | SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows ... |
| CVE-2005-3335 | PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php ... |
| CVE-2005-3091 | Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 ... |
| CVE-2005-3090 | Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ... |
| CVE-2005-2557 | Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ... |
| CVE-2005-2556 | core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with ... |
| CVE-2004-2666 | Mantis before 20041016 provides a complete Issue History (Bug History) ... |
| CVE-2004-1734 | PHP remote file inclusion vulnerability in Mantis 0.19.0a allows ... |
| CVE-2004-1731 | signup_page.php in Mantis bugtracker allows remote attackers to send ... |
| CVE-2004-1730 | Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows ... |
| CVE-2003-0499 | Mantis 0.17.5 and earlier stores its database password in cleartext in ... |
| CVE-2002-1116 | The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and ... |
| CVE-2002-1115 | Mantis 0.17.4a and earlier allows remote attackers to view private ... |
| CVE-2002-1114 | config_inc2.php in Mantis before 0.17.4 allows remote attackers to ... |
| CVE-2002-1113 | summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote ... |
| CVE-2002-1112 | Mantis before 0.17.4 allows remote attackers to list project bugs ... |
| CVE-2002-1111 | print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify ... |
| CVE-2002-1110 | Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DSA-3120-1 | mantis - security update |
| DSA-3030-1 | mantis - security update |
| DSA-2500-1 | mantis - several |
| DSA-2308-1 | mantis - several |
| DSA-1856-1 | mantis - information leak |
| DSA-1467-1 | mantis - several vulnerabilities |
| DSA-1133-1 | mantis - cross site scripting |
| DSA-944-1 | mantis - several |
| DSA-905-1 | mantis - several |
| DSA-778-1 | mantis - missing input sanitising |
| DSA-335 | mantis - incorrect permissions |
| DSA-161 | mantis - privilege escalation |
| DSA-153 | mantis - cross site code execution and privilege escalation |
