
mantisBT — Vulnerabilities & Security Advisories (35)

Browse all 35 CVE security advisories affecting mantisBT. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MantisBT serves as an open-source issue tracking system primarily used for bug tracking and project management in software development environments. Historically, it has been susceptible to various vulnerability classes including remote code execution, cross-site scripting (XSS), and privilege escalation, often stemming from insufficient input validation and access control flaws. While no major public security incidents have been widely documented, the 18 recorded CVEs highlight consistent security concerns, particularly in areas like authentication bypass and insecure direct object references. The application's modular architecture and extensive plugin ecosystem introduce additional potential attack surfaces, requiring regular updates and careful configuration to mitigate risks.

Top products by mantisBT: mantisBT

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-42071 | MantisBT: Private Bugnote Attachment Content Leak via REST API | mantisbt | CWE-862 | - | - | 2026-05-28 |
| CVE-2026-42070 | MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API | mantisbt | CWE-863 | - | - | 2026-05-28 |
| CVE-2026-44655 | MantisBT: Stored XSS on Move Attachments Admin Page | mantisbt | CWE-79 | - | - | 2026-05-28 |
| CVE-2026-41897 | MantisBT: Reflected XSS in Rendering Dynamic Custom Textarea Field | mantisbt | CWE-79 | - | - | 2026-05-28 |
| CVE-2026-44657 | MantisBT: Stored XSS in File Download | mantisbt | CWE-79 | - | - | 2026-05-28 |
| CVE-2026-40607 | MantisBT is Vulnerable to Stored XSS Through its Saved-Filter Owner Column | mantisbt | CWE-79 | - | - | 2026-05-22 |
| CVE-2026-40598 | MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page | mantisbt | CWE-79 | - | - | 2026-05-22 |
| CVE-2026-40597 | MantisBT has a Content Security Policy bypass via attachments | mantisbt | CWE-79 | - | - | 2026-05-22 |
| CVE-2026-40596 | MantisBT is vulnerable to XSS and potential account takeover via user font family preference update | mantisbt | CWE-79 | - | - | 2026-05-22 |
| CVE-2026-39960 | MantisBT is Vulnerable to Stored XSS through Custom Field Textarea Values | mantisbt | CWE-79 | 5.4 | Medium | 2026-05-20 |
| CVE-2026-34970 | MantisBT Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked | mantisbt | CWE-200 | - | - | 2026-05-19 |
| CVE-2026-34754 | MantisBT allows unauthorized users to upload attachments to restricted issues via REST API | mantisbt | CWE-284 | 4.3 | Medium | 2026-05-19 |
| CVE-2026-34744 | MantisBT authorization bypass allows continued access to self-uploaded attachments on private issues | mantisbt | CWE-200 | - | - | 2026-05-19 |
| CVE-2026-34579 | MantisBT has an authorization bypass via private issue monitoring | mantisbt | CWE-863 | - | - | 2026-05-19 |
| CVE-2026-34463 | MantisBT has Stored HTML Injection/XSS via Clone Issue Form | mantisbt | CWE-79 | - | - | 2026-05-19 |
| CVE-2026-34390 | MantisBT: Privilege Escalation from Manager to Administrator | mantisbt | CWE-284 | - | - | 2026-05-19 |
| CVE-2026-33052 | MantisBT: Authorization Bypass in Global Profile Creation | mantisbt | CWE-639 | - | - | 2026-05-19 |
| CVE-2026-33548 | MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline | mantisbt | CWE-79 | 5.4 | - | 2026-03-23 |
| CVE-2026-33517 | MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation | mantisbt | CWE-79 | 5.4 | - | 2026-03-23 |
| CVE-2026-30849 | MantisBT SOAP API has an authentication bypass vulnerability on MySQL | mantisbt | CWE-305 | 9.8 | - | 2026-03-23 |
| CVE-2025-62520 | MantisBT unauthorized disclosure of private project column configuration | mantisbt | CWE-285 | 4.3 (AI) | Medium (AI) | 2025-11-04 |
| CVE-2025-55155 | MantisBT: Authentication bypass for some passwords due to PHP type juggling | mantisbt | CWE-201 | 5.4 | Medium | 2025-11-04 |
| CVE-2025-47776 | MantisBT: Authentication bypass for some passwords due to PHP type juggling | mantisbt | CWE-305 | 9.8 (AI) | Critical (AI) | 2025-11-04 |
| CVE-2025-46556 | MantisBT is Vulnerable to Denial-of-Service (DoS) attack via Excessive Note Length | mantisbt | CWE-770 | 6.5 | Medium | 2025-11-04 |
| CVE-2024-45792 | MantisBT vulnerable to information disclosure with user profiles | mantisbt | CWE-200 | 6.5 | - | 2024-09-30 |
| CVE-2024-34081 | MantisBT Cross-site Scripting vulnerability | mantisbt | CWE-79 | 6.6 | Medium | 2024-05-13 |
| CVE-2024-34080 | MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | mantisbt | CWE-200 | 5.3 | Medium | 2024-05-13 |
| CVE-2024-34077 | MantisBT user account takeover in the signup/reset password process | mantisbt | CWE-305 | 7.3 | High | 2024-05-13 |
| CVE-2024-23830 | MantisBT Host Header Injection vulnerability | mantisbt | CWE-74 | 8.3 | High | 2024-02-20 |
| CVE-2023-44394 | Disclosure of project names to unauthorized users in MantisBT | mantisbt | CWE-200 | 4.3 | Medium | 2023-10-16 |

Entries marked "(AI)" carry the site's AI-estimated score or severity badge rather than an official rating; "-" means no score was listed.

This page lists every published CVE security advisory associated with mantisBT. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.