Paulr

**Name of the Vulnerable Software and Affected Versions** MantisBT versions 1.1.0a1 through 1.2.x before 1.2.18 **Description** A cross-site scripting (XSS) issue exists in the helper api.php file when the Extended project browser is enabled. This allows remote attackers to inject arbitrary web script or HTML via the `project` cookie. **Recommendations** For versions 1.1.0a1 through 1.2.x before 1.2.18, update to version 1.2.18 or later to resolve the issue.