5 matches found

CVE
added 2026/05/22 7:32 p.m. | 28 views

CVE-2026-40598

CVE-2026-40598 affects MantisBT (Mantis Bug Tracker). In versions 2.28.1 and earlier, improper escaping of the redirection page (constructed from the Referer header) allows an attacker to inject HTML, which can lead to cross-site scripting (XSS) in certain server configurations where the cache is...

CVSS: 6.9 | AI score: 5.3 | EPSS: 0.00059
Exploits: 0 | References: 3

Cvelist
added 2026/05/22 7:32 p.m. | 6 views

CVE-2026-40598 MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.28.1 and below, improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode...

CVSS: 6.9 | EPSS: 0.00059
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/22 7:32 p.m. | 6 views

CVE-2026-40598 MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.28.1 and below, improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode...

CVSS: 6.9 | AI score: 5.3 | EPSS: 0.00059
Exploits: 0 | References: 3

OSV
added 2026/05/11 7:35 p.m. | 4 views

GHSA-6JH4-47V2-4G37 MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

Improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leadi...

CVSS: 6.9 | AI score: 5.7 | EPSS: 0.00059
Exploits: 0 | References: 5

Github Security Blog
added 2026/05/11 7:35 p.m. | 5 views

MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

Improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leadi...

CVSS: 6.9 | AI score: 5.7 | EPSS: 0.00059
Exploits: 0 | References: 5 | Affected Software: 1