Will Dollman

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.19 MantisBT version 2.0.0-beta1 MantisBT version 1.3.0-beta1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `view type` parameter in the MantisBT Filter API. **Recommendations** For MantisBT versions prior to 1.2.19, update to version 1.2.19 or later. For MantisBT version 2.0.0-beta1, avoid using the `view type` parameter in the affected API endpoint until the issue is resolved. For MantisBT version 1.3.0-beta1, restrict access to the MantisBT Filter API to minimize the risk of exploitation.