Cross-site Scripting (XSS)

mantisbt is vulnerable to cross-site scripting XSS. The attack exists because the function stringinserthrefs does not check the protocol, allowing an attacker to inject 'javascript://' to execute arbitrary code...