Vulnerability in Mantis Bug Tracker Allows HTML Injection
CVE-2026-41897
5.3MEDIUM
What is CVE-2026-41897?
The Mantis Bug Tracker, an open-source issue tracking system, is susceptible to an HTML injection issue due to insufficient validation of the 'filter_target' parameter in the 'return_dynamic_filters.php' file. This vulnerability affects versions from 1.0.0 to 2.28.1. Attackers could exploit this flaw to inject arbitrary HTML into TEXTAREA custom fields, compromising data integrity and potentially executing malicious scripts within the application context. This issue was addressed in version 2.28.2, highlighting the importance of keeping software updated to mitigate security risks.
Affected Version(s)
mantisbt >= 1.0.0, < 2.28.2
