Lucene search

4 matches found

Vulnrichment
added 2026/05/29 10:36 a.m. | 8 views

CVE-2026-9809

A stored Cross-Site Scripting (XSS) vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views such as campaigns, emails, or forms, user-supplied project names are rendered without proper sanitization. An authenticated user...

CVSS 7.6 | AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 1
Cvelist
added 2026/03/23 7:15 p.m. | 23 views

CVE-2026-33548 MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline (my_view_page.php) allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...

CVSS 8.6 | EPSS 0.00196
Exploits: 0 | References: 2
CVE
added 2026/03/23 7:15 p.m. | 10 views

CVE-2026-33548

MantisBT 2.28.0 is vulnerable to Stored HTML Injection / XSS when rendering tags in Timeline (Timeline view via my_view_page.php). Root cause: improper escaping of tag names retrieved from History in Timeline. Impact: if CSP permits, attacker could execute arbitrary JavaScript when displaying a r...

CVSS 8.6 | AI score 6 | EPSS 0.00196
Exploits: 0 | References: 2 | Affected Software: 1
FreeBSD
added 2020/12/23 12:0 a.m. | 13 views

phpmyfaq -- XSS vulnerability

phpmyfaq developers report: phpMyFAQ does not implement sufficient checks to avoid XSS injection for displaying tags...

AI score 3.4
Exploits: 0 | References: 1