CVE-2026-33548 MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline (myviewpage.php) allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...
Metabase Access Control Error Vulnerability
Metabase is an open source data analytics platform from the American company Metabase. Metabase suffers from an Access Control Error vulnerability that stems from the fact that to edit SQL snippets, Metabase should require people to belong to at least one group with native query editing privilege...