Zhangdongsheng

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.3.8 MantisBT versions prior to 2.1.2 MantisBT versions prior to 2.2.2 **Description** A cross-site scripting (XSS) issue exists in the MantisBT Configuration Report page, allowing remote attackers to inject arbitrary code through a crafted `action` parameter in the adm config report.php page. **Recommendations** For versions prior to 1.3.8, update to version 1.3.8 or later. For versions prior to 2.1.2, update to version 2.1.2 or later. For versions prior to 2.2.2, update to version 2.2.2 or later.