Roland Becker

5 exploits. Active since Jan 2014
CVE-2013-4460
MantisBT - XSS
Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
CVE-2017-12062 (Medium)
MantisBT < 2.5.2 - XSS
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.
CVSS 6.1
CVE-2018-14504 (Medium)
MantisBT 2.x - 2.15.0 - XSS
An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)').
CVSS 6.1
CVE-2019-15539 (Medium)
MantisBT < 2.21.3 - XSS
The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page.
CVSS 6.1
CVE-2025-62520 (Medium)
MantisBT < 2.27.2 - Improper Authorization
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manage_config_columns_page.php can use the Copy From action to retrieve the columns configuration from a private project they have no access to. This issue is fixed in version 2.27.2.
CVSS 4.3