All known vulnerabilities

| Severity | Score | CVE | Summary | Affected versions |
|---|---|---|---|---|
| CRITICAL | 9.1 | CVE-2025-47776 | MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling | from 0, < 2.27.2 |
|  |  |  |  | >= 1.3.0-rc.2, < 1.3.10 |
|  |  |  |  | from 0, < 2.26.1 |
| HIGH | 8.1 | CVE-2009-20001 | MantisBT Insufficient Session Expiration cookie string not reset after logout | from 0, < 2.24.5 |
| HIGH | 7.8 | CVE-2021-43257 | MantisBT CSV Injection unprivileged user access in csv_export.php | from 0, < 2.25.3 |
| HIGH | 7.5 | CVE-2020-35849 | MantisBT Incorrect Authorization for bug_revision_view_page.php check | from 0, < 2.24.4 |
| HIGH | 7.3 | CVE-2024-34077 | Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process | from 0, < 2.26.2 |
|  |  |  |  | from 0, < 1.3.20 |
| MEDIUM | 6.6 | CVE-2024-34081 | Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting | from 0, < 2.26.2 |
| MEDIUM | 6.5 | CVE-2025-46556 | MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length | from 0, < 2.27.2 |
| MEDIUM | 6.5 | CVE-2020-29604 | MantisBT Missing Authorization access check in bug_actiongroup.php | from 0, < 2.24.4 |
| MEDIUM | 6.5 | CVE-2017-7620 | MantisBT vulnerable to CSRF and Open Redirect attacks | from 0, < 1.3.11 |
| MEDIUM | 6.1 | CVE-2026-33548 | MantisBT has Stored HTML Injection/XSS when displaying Tags in Timeline | >= 2.28.0, < 2.28.2 |
| MEDIUM | 6.1 | CVE-2021-33557 | MantisBT allows XSS in manage_custom_field_edit_page.php | from 0, < 2.25.2 |
|  |  |  |  | from 0, < 2.25.0 |
|  |  |  |  | from 0, < 2.21.3 |
| MEDIUM | 6.1 | CVE-2018-16514 | MantisBT cross-site scripting (XSS) vulnerability through crafted PATH_INFO | >= 2.1.0, < 2.17.1 |
| MEDIUM | 6.1 | CVE-2017-7897 | MantisBT XSS via my_view_page.php and view_user_page.php | >= 2.3.0, < 2.3.2 |
| MEDIUM | 6.1 | CVE-2017-12062 | MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php | >= 2.0.0, < 2.5.2 |
| MEDIUM | 6.1 | CVE-2018-14504 | MantisBT allows XSS on the Edit Filter page via crafted filter name | >= 2.0.0, < 2.15.1 |
|  |  |  |  | >= 2.1.0, < 2.15.1 |
| MEDIUM | 6.1 | CVE-2017-12061 | MantisBT XSS allows unsanitized input via admin/install.php | from 0, < 1.3.12 |
| MEDIUM | 6.1 | CVE-2022-28508 | MantisBT vulnerable to XSS via unescaped output in browser_search_plugin.php | from 0, <= 2.25.2 |
| MEDIUM | 6.1 | CVE-2022-26144 | MantisBT vulnerable to XSS due to improper escape in manage_plugin_page.php and manage_plugin_uninstall.php | from 0, < 2.25.3 |
| MEDIUM | 5.4 | CVE-2026-39960 | MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values | from 0, < 2.28.2 |
| MEDIUM | 5.4 | CVE-2025-55155 | MantisBT lacks verification when changing a user's email address | from 0, < 2.27.2 |
| MEDIUM | 5.4 | CVE-2022-33910 | MantisBT XSS through crafted SVG documents in file_download.php | from 0, < 2.25.5 |
| MEDIUM | 5.4 | CVE-2020-16266 | MantisBT XSS issue on the view_all_bug_page.php | >= 2.1.0, < 2.24.2 |
|  |  |  |  | >= 2.1.0, < 2.17.2 |
|  |  |  |  | >= 2.1.0, < 2.17.2 |
| MEDIUM | 5.3 | CVE-2024-34080 | MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | from 0, < 2.26.2 |
| MEDIUM | 5.3 | CVE-2020-28413 | MantisBT SQL Injection via mc_project_get_users function | from 0, < 2.24.4 |
|  |  |  |  | from 0, < 2.24.3 |
| MEDIUM | 4.8 | CVE-2020-25288 | MantisBT XSS where a Custom Field with a crafted Regular Expression property is used | >= 2.23.0, < 2.24.3 |
| MEDIUM | 4.8 | CVE-2017-6973 | MantisBT XSS via adm_config_report.php's action parameter | from 0, < 1.3.8 |
|  |  |  |  | from 0, < 1.3.9 |
| MEDIUM | 4.8 | CVE-2017-7309 | MantisBT vulnerable to XSS through config_option parameter in adm_config_report.php | from 0, < 1.3.9 |
| MEDIUM | 4.7 | CVE-2016-7111 | MantisBT XSS through weak CSP when using Gravatar plugin | from 0, < 1.3.1 |
| MEDIUM | 4.3 | CVE-2026-34754 | MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API | from 0, < 2.28.2 |
| MEDIUM | 4.3 | CVE-2025-62520 | MantisBT unauthorized disclosure of private project column configuration | from 0, < 2.27.2 |
| MEDIUM | 4.3 | CVE-2024-45792 | MantisBT vulnerable to information disclosure with user profiles | from 0, < 2.26.4 |
| MEDIUM | 4.3 | CVE-2023-44394 | MantisBT may disclose project names to unauthorized users | from 0, < 2.25.8 |
| MEDIUM | 4.3 | CVE-2023-22476 | MantisBT may expose private issues' summaries to unauthorized users | from 0, < 2.25.6 |
| MEDIUM | 4.3 | CVE-2020-29603 | MantisBT Insecure Storage in manage_proj_edit_page.php | from 0, < 2.24.4 |
| MEDIUM | 4.3 | CVE-2020-25781 | MantisBT unauthorized users able to access private files | from 0, < 2.24.3 |
|  |  |  |  | from 0, < 2.28.2 |
|  |  |  |  | >= 1.3.0, < 2.28.2 |
| — | — | CVE-2026-42071 | MantisBT has a Private Bugnote Attachment Content Leak via REST API | >= 2.23.0, < 2.28.2 |
| — | — | CVE-2026-42070 | MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API | from 0, < 2.28.2 |
| — | — | CVE-2026-41897 | MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field | >= 1.0.0, < 2.28.2 |
| — | — | CVE-2026-40607 | MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column | >= 2.1.0, < 2.28.2 |
| — | — | CVE-2026-40598 | MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page | from 0, < 2.28.2 |
| — | — | CVE-2026-40597 | MantisBT has a Content Security Policy bypass via attachments | from 0, < 2.28.2 |
| — | — | CVE-2026-40596 | MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference | >= 2.11.0, < 2.28.2 |
| — | — | CVE-2026-34970 | MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked | from 0, < 2.28.2 |
| — | — | CVE-2026-34744 | MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue | from 0, < 2.28.2 |
| — | — | CVE-2026-34579 | MantisBT has an authorization bypass in private issue monitoring | >= 2.26.1, < 2.28.2 |
| — | — | CVE-2026-34463 | MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form | from 0, < 2.28.2 |
| — | — | CVE-2026-34390 | MantisBT Vulnerable to Privilege Escalation from Manager to Administrator | from 0, < 2.28.2 |
| — | — | CVE-2026-33052 | MantisBT Has Authorization Bypass in Global Profile Creation | >= 2.28.0, < 2.28.2 |
| — | — | CVE-2026-33517 | MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation | >= 2.28.0, < 2.28.1 |
| — | — | CVE-2026-30849 | MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL | from 0, < 2.28.1 |
| — | — | CVE-2020-29605 | MantisBT Incorrect Authorization in bug_actiongroup_page.php | from 0, < 2.24.4 |
| — | — | CVE-2019-15074 | MantisBT allows cross-site scripting (XSS) via crafted filename | from 0, < 2.21.2 |
|  |  |  |  | from 0, <= 1.2.2 |