Primary

Context

Mantis Bug Tracker Stored Cross-Site Scripting Vulnerability in Tag Deletion Confirmation

Vulnerability

Patched

A stored cross-site scripting vulnerability has been identified in Mantis Bug Tracker (MantisBT) version 2.28.0. The issue arises in the tag deletion process, where improper escaping of the tag name in the confirmation message allows for HTML injection. If the Content Security Policy (CSP) settings permit, this could lead to the execution of arbitrary JavaScript. The vulnerability has been patched in version 2.28.1.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Remediation

Users can update to MantisBT version 2.28.1 to address this vulnerability. Alternatively, the language files can be manually edited to remove the sprintf placeholder '%1$s' from the '$s_tag_delete_message' string.

Added: Mar 23, 2026, 8:20 PM

Updated: Mar 23, 2026, 8:20 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

1.7

exploitability

5.7

remediation

7.7

relevance

4.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

1.7

exploitability

5.7

remediation

7.7

relevance

4.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mantis Bug Tracker Stored Cross-Site Scripting Vulnerability in Tag Deletion Confirmation

Vulnerability

Impact

Remediation

Affected Products

Mantis Bug Tracker

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating