6 matches found
CVE-2026-11766
CVE-2026-11766 affects the Ultimate Member WordPress plugin (before 2.12.0). The vulnerability is a stored XSS in custom textarea profile fields: unescaped/sanitised values are output on user profiles, enabling an authenticated user with Subscriber-level access and above to inject JavaScript that...
CVE-2026-11766
The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, includin...
CVE-2026-41897
Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This...
CVE-2026-41897 MantisBT: Reflected XSS in Rendering Dynamic Custom Textarea Field
Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This...
CVE-2026-41897
CVE-2026-41897 affects MantisBT (Mantis Bug Tracker) from versions 1.0.0 through 2.28.1. The root cause is lack of validation of the filter_target parameter in return_dynamic_filters.php, used for AJAX on the View Issues page, which allows an attacker to inject arbitrary HTML when the target is a...
Cross-site Scripting (XSS)
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the returndynamicfilters.php process when handling the filtertarget parameter. An attacker can execute arbitrary HTML or scripts in the context of a user's browser ...