Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities Advisory

On May 20, 2008, the CXSecurity portal published a detailed technical advisory on multiple vulnerabilities found in the Mantis Bug Tracker 1.1.1 platform, attributing the discovery to Francesco “ascii” Ongaro and Antonio “s4tan” Parata. The flaws included XSS, CSRF, and a serious Remote Code Execution vulnerability, with an impact rated 9/10 according to the CVSSv2 system. The document also describes the difficulties faced in the responsible disclosure process with the vendor, culminating in the forced publication of the advisory. Ongaro is cited as the bulletin’s author and copyright holder of the content, confirming his leading role in software vulnerability research and disclosure.