2 matches found
MantisBT 1.0.0 < 2.28.2 Dynamic Custom Textarea Field Reflected XSS (GHSA-j7v9-f46r-2rp4)
The version of MantisBT installed on the remote host is 1.0.0 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field. CVE-2026-41897 Note that Nessus has not tested for this issue but has...
MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field
Lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. Impact Cross-site scripting XSS Patches - c885af13f0b8596714ffe11df757c09f35fbd8f4 Workaround...