CVE-2026-41897

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This...

CVE-2026-41897

CVE-2026-41897 affects MantisBT (Mantis Bug Tracker) from versions 1.0.0 through 2.28.1. The root cause is lack of validation of the filter_target parameter in return_dynamic_filters.php, used for AJAX on the View Issues page, which allows an attacker to inject arbitrary HTML when the target is a...

CVE-2026-41897 MantisBT: Reflected XSS in Rendering Dynamic Custom Textarea Field

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This...

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the returndynamicfilters.php process when handling the filtertarget parameter. An attacker can execute arbitrary HTML or scripts in the context of a user's browser ...