Mantis Bug Tracker Stored Cross-Site Scripting Vulnerability in Timeline History

Vulnerability

A stored cross-site scripting vulnerability has been identified in Mantis Bug Tracker (MantisBT) version 2.28.0. The issue arises from improper escaping of tag names in the Timeline feature, specifically within the 'my_view_page.php' file. This flaw allows an attacker to inject HTML, which could be executed as arbitrary JavaScript if the Content Security Policy (CSP) settings permit. The vulnerability is triggered when a tag that has been renamed or deleted is displayed in the Timeline.

Impact

Exploitation of this vulnerability allows for stored HTML injection, leading to cross-site scripting (XSS) attacks.

Remediation

Users can upgrade to MantisBT version 2.28.2, where this vulnerability has been patched. For those unable to upgrade, it is possible to edit the affected History entries using SQL, or to manually wrap the tag name in an HTML special characters string call in the 'IssueTagTimelineEvent::html()' method so that it is escaped before being emitted.
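The following PHP snippet is an added illustration of the defect class and the workaround described above; it is not MantisBT's code, and the class, property and helper names (TagTimelineEventExample, tagName, findTagNamesWithMarkup) are assumed. It renders a stored tag name once without escaping, once escaped with PHP's built-in htmlspecialchars() (the role the advisory assigns to MantisBT's HTML special characters string call), and includes a small audit helper for reviewing stored tag names before editing History entries.

```php
<?php
// Added example, not MantisBT code. Names below are hypothetical stand-ins.
declare(strict_types=1);

class TagTimelineEventExample
{
    public function __construct(private string $tagName) {}

    // Unescaped rendering: the stored tag name is concatenated straight into
    // the page, so any markup in a renamed or deleted tag's name becomes live
    // markup in the Timeline. This mirrors the defect class in the advisory.
    public function htmlUnescaped(): string
    {
        return '<div class="entry">Tag <span class="tag">'
            . $this->tagName
            . '</span> was renamed</div>';
    }

    // Escaped rendering: the tag name passes through an HTML special
    // characters call before concatenation. ENT_QUOTES also neutralises
    // quotes, which matters if the value is ever placed in an attribute.
    public function htmlEscaped(): string
    {
        $escaped = htmlspecialchars($this->tagName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        return '<div class="entry">Tag <span class="tag">'
            . $escaped
            . '</span> was renamed</div>';
    }
}

// Audit helper (hypothetical): flag stored tag names that contain characters
// an HTML escaper would rewrite, so an administrator reviewing History rows
// knows which entries to inspect or clean up via SQL.
function findTagNamesWithMarkup(array $tagNames): array
{
    return array_values(array_filter(
        $tagNames,
        static fn(string $n): bool => $n !== htmlspecialchars($n, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    ));
}

// Constructed sample data: a benign tag name and one carrying harmless markup,
// used only to make the escaping difference visible.
$samples = ['release-2.28', '<b>release</b>'];

foreach ($samples as $name) {
    $event = new TagTimelineEventExample($name);
    echo "unescaped: " . $event->htmlUnescaped() . PHP_EOL;
    echo "escaped:   " . $event->htmlEscaped() . PHP_EOL;
}

echo "needs review: " . implode(', ', findTagNamesWithMarkup($samples)) . PHP_EOL;
```

The escaped variant is the form a patched html() method should take; the audit helper is a convenience for the SQL clean-up path, since it identifies exactly the History values whose rendering differs between the two variants.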

Added: Mar 23, 2026, 8:20 PM
Updated: Mar 23, 2026, 8:20 PM

Vulnerability Rating

Custom Algorithm

  spread          5.0
  impact          1.7
  exploitability  5.1
  remediation     8.3
  relevance       4.6
  threat          3.2
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.