Mantis · Mantis Bug Tracker · CVE-2004-1730
**Name of the Vulnerable Software and Affected Versions**
Mantis bugtracker (affected versions not specified)
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via several parameters, including the `return` parameter to "login page.php", the e-mail field in "signup.php", the `action` parameter to "login select proj page.php", or the `hide status` parameter to "view all set.php".
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.