CVE-2026-41897
Published: May 28, 2026
Modified: May 30, 2026
PUBLISHED
Description
Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of the filter_target parameter in return_dynamic_filters.php (normally called via AJAX from the View Issues page) allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This vulnerability is fixed in 2.28.2.
| Vendor | Product | Versions |
|---|---|---|
| mantisbt | mantisbt | affected >= 1.0.0, < 2.28.2 |
Weaknesses (CWE)
References
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j7v9-f46r-2rp4
x_refsource_CONFIRM
https://mantisbt.org/bugs/view.php?id=37013
x_refsource_MISC