
mantisbt — Vulnerabilities & Security Advisories (35)

All 35 CVE vulnerabilities found in mantisbt, with AI-generated Chinese analysis, references, and POCs.

This page aggregates Common Weakness Enumerations for the open-source bug tracking system mantisBT. It provides a centralized view of security flaws associated with this specific vendor and software product, categorized by their underlying weakness types. The data collected encompasses a wide range of vulnerabilities, including but not limited to cross-site scripting, SQL injection, and insecure direct object references. This compilation covers security incidents and advisory disclosures from the early development phases of the platform up to recent updates, ensuring a comprehensive historical record. Users can utilize this resource to track the evolution of security advisories issued by the mantisBT community and maintainers. By examining these entries, analysts can gain a deeper understanding of the prevalent weakness classes that have historically affected the application. Furthermore, the page allows for a detailed lookup of the product’s vulnerability history, helping developers and security professionals assess the long-term security posture of mantisBT. This information is critical for patch management and risk assessment. The aggregated data serves as a reference point for identifying patterns in defect reporting and resolution. It aids in evaluating the effectiveness of past security fixes and highlights areas requiring continued attention. This resource is intended for technical audiences seeking factual data on software vulnerabilities without speculative commentary or promotional content.

Vendor: mantisBT

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-42071 | MantisBT: Private Bugnote Attachment Content Leak via REST API | CWE-862 | - | - | 2026-05-28 |
| CVE-2026-42070 | MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API | CWE-863 | - | - | 2026-05-28 |
| CVE-2026-44655 | MantisBT: Stored XSS on Move Attachments Admin Page | CWE-79 | - | - | 2026-05-28 |
| CVE-2026-41897 | MantisBT: Reflected XSS in Rendering Dynamic Custom Textarea Field | CWE-79 | - | - | 2026-05-28 |
| CVE-2026-44657 | MantisBT: Stored XSS in File Download | CWE-79 | - | - | 2026-05-28 |
| CVE-2026-40607 | MantisBT is Vulnerable to Stored XSS Through its Saved-Filter Owner Column | CWE-79 | - | - | 2026-05-22 |
| CVE-2026-40598 | MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page | CWE-79 | - | - | 2026-05-22 |
| CVE-2026-40597 | MantisBT has a Content Security Policy bypass via attachments | CWE-79 | - | - | 2026-05-22 |
| CVE-2026-40596 | MantisBT is vulnerable to XSS and potential account takeover via user font family preference update | CWE-79 | - | - | 2026-05-22 |
| CVE-2026-39960 | MantisBT is Vulnerable to Stored XSS through Custom Field Textarea Values | CWE-79 | 5.4 | Medium | 2026-05-20 |
| CVE-2026-34970 | MantisBT Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked | CWE-200 | - | - | 2026-05-19 |
| CVE-2026-34754 | MantisBT allows unauthorized users to upload attachments to restricted issues via REST API | CWE-284 | 4.3 | Medium | 2026-05-19 |
| CVE-2026-34744 | MantisBT authorization bypass allows continued access to self-uploaded attachments on private issues | CWE-200 | - | - | 2026-05-19 |
| CVE-2026-34579 | MantisBT has an authorization bypass via private issue monitoring | CWE-863 | - | - | 2026-05-19 |
| CVE-2026-34463 | MantisBT has Stored HTML Injection/XSS via Clone Issue Form | CWE-79 | - | - | 2026-05-19 |
| CVE-2026-34390 | MantisBT: Privilege Escalation from Manager to Administrator | CWE-284 | - | - | 2026-05-19 |
| CVE-2026-33052 | MantisBT: Authorization Bypass in Global Profile Creation | CWE-639 | - | - | 2026-05-19 |
| CVE-2026-33548 | MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline | CWE-79 | 5.4 | - | 2026-03-23 |
| CVE-2026-33517 | MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation | CWE-79 | 5.4 | - | 2026-03-23 |
| CVE-2026-30849 | MantisBT SOAP API has an authentication bypass vulnerability on MySQL | CWE-305 | 9.8 | - | 2026-03-23 |
| CVE-2025-62520 | MantisBT unauthorized disclosure of private project column configuration | CWE-285 | 4.3 (AI) | Medium (AI) | 2025-11-04 |
| CVE-2025-55155 | MantisBT: Authentication bypass for some passwords due to PHP type juggling | CWE-201 | 5.4 | Medium | 2025-11-04 |
| CVE-2025-47776 | MantisBT: Authentication bypass for some passwords due to PHP type juggling | CWE-305 | 9.8 (AI) | Critical (AI) | 2025-11-04 |
| CVE-2025-46556 | MantisBT is Vulnerable to Denial-of-Service (DoS) attack via Excessive Note Length | CWE-770 | 6.5 | Medium | 2025-11-04 |
| CVE-2024-45792 | MantisBT vulnerable to information disclosure with user profiles | CWE-200 | 6.5 | - | 2024-09-30 |
| CVE-2024-34081 | MantisBT Cross-site Scripting vulnerability | CWE-79 | 6.6 | Medium | 2024-05-13 |
| CVE-2024-34080 | MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | CWE-200 | 5.3 | Medium | 2024-05-13 |
| CVE-2024-34077 | MantisBT user account takeover in the signup/reset password process | CWE-305 | 7.3 | High | 2024-05-13 |
| CVE-2024-23830 | MantisBT Host Header Injection vulnerability | CWE-74 | 8.3 | High | 2024-02-20 |
| CVE-2023-44394 | Disclosure of project names to unauthorized users in MantisBT | CWE-200 | 4.3 | Medium | 2023-10-16 |

All 35 known CVE vulnerabilities affecting mantisbt with full Chinese analysis, references, and POCs where available.