5 matches found
GHSA-73VX-49MV-V8W5 MantisBT has Stored HTML Injection/XSS when displaying Tags in Timeline
Improper escaping of tag names retrieved from History in Timeline (my_view_page.php) allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has been renamed or deleted. Impact: Cross-site scripting (XSS). Patches...
MantisBT has Stored HTML Injection/XSS when displaying Tags in Timeline
Improper escaping of tag names retrieved from History in Timeline (my_view_page.php) allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has been renamed or deleted. Impact: Cross-site scripting (XSS). Patches...
CVE-2026-33548 MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline (my_view_page.php) allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...
CVE-2026-33548
MantisBT 2.28.0 is vulnerable to Stored HTML Injection / XSS when rendering tags in Timeline (Timeline view via my_view_page.php). Root cause: improper escaping of tag names retrieved from History in Timeline. Impact: if CSP permits, attacker could execute arbitrary JavaScript when displaying a r...
Mantis Bug Tracker Cross-Site Scripting Vulnerability
Mantis Bug Tracker (MantisBT) is an open-source bug tracker developed by Mantis Bug Tracker. Version 2.28.0 of Mantis Bug Tracker contains a cross-site scripting vulnerability. This vulnerability arises from improper escaping of tag names in the timeline, which may lead to cross-site scripting...