Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

mantisbt — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting mantisbt. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MantisBT serves as an open-source issue tracking system primarily used for bug tracking and project management in software development environments. Historically, it has been susceptible to various vulnerability classes including remote code execution, cross-site scripting (XSS), and privilege escalation, often stemming from insufficient input validation and access control flaws. While no major public security incidents have been widely documented, the 18 recorded CVEs highlight consistent security concerns, particularly in areas like authentication bypass and insecure direct object references. The application's modular architecture and extensive plugin ecosystem introduce additional potential attack surfaces, requiring regular updates and careful configuration to mitigate risks.

Top products by mantisbt: mantisBT
CVE IDTitleCVSSSeverityPublished
CVE-2026-33548 MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline — mantisbtCWE-79 5.4 -2026-03-23
CVE-2026-33517 MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation — mantisbtCWE-79 5.4 -2026-03-23
CVE-2026-30849 MantisBT SOAP API has an authentication bypass vulnerability on MySQL — mantisbtCWE-305 9.8 -2026-03-23
CVE-2025-62520 MantisBT unauthorized disclosure of private project column configuration — mantisbtCWE-285 4.3AIMediumAI2025-11-04
CVE-2025-55155 MantisBT: Authentication bypass for some passwords due to PHP type juggling — mantisbtCWE-201 5.4 Medium2025-11-04
CVE-2025-47776 MantisBT: Authentication bypass for some passwords due to PHP type juggling — mantisbtCWE-305 9.8AICriticalAI2025-11-04
CVE-2025-46556 MantisBT is Vulnerable to Denial-of-Service (DoS) attack via Excessive Note Length — mantisbtCWE-770 6.5 Medium2025-11-04
CVE-2024-45792 MantisBT vulnerable to information disclosure with user profiles — mantisbtCWE-200 6.5 -2024-09-30
CVE-2024-34081 MantisBT Cross-site Scripting vulnerability — mantisbtCWE-79 6.6 Medium2024-05-13
CVE-2024-34080 MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor — mantisbtCWE-200 5.3 Medium2024-05-13
CVE-2024-34077 MantisBT user account takeover in the signup/reset password process — mantisbtCWE-305 7.3 High2024-05-13
CVE-2024-23830 MantisBT Host Header Injection vulnerability — mantisbtCWE-74 8.3 High2024-02-20
CVE-2023-44394 Disclosure of project names to unauthorized users in MantisBT — mantisbtCWE-200 4.3 Medium2023-10-16
CVE-2023-22476 MantisBT: Exposure of Private issues' summary to unauthorized users — mantisbtCWE-200 4.3 Medium2023-02-23
CVE-2013-1934 MantisBT 跨站脚本漏洞 — mantisBT 5.4 -2019-10-31
CVE-2013-1932 MantisBT 跨站脚本漏洞 — mantisBT 5.4 -2019-10-31
CVE-2013-1931 MantisBT 跨站脚本漏洞 — mantisBT 4.8 -2019-10-31
CVE-2013-1930 MantisBT 输入验证错误漏洞 — mantisBT 4.3 -2019-10-31

This page lists every published CVE security advisory associated with mantisbt. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.