PT-2026-27183 · Unknown · Mantis Bug Tracker

Shukla304 · Published 2026-03-23 · Updated 2026-03-25 · CVE-2026-33548

CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Mantis Bug Tracker versions prior to 2.28.1

Description: Mantis Bug Tracker 2.28.0 does not properly escape tag names retrieved from History when rendering the Timeline feature on the My View page (my_view_page.php). The vulnerable value is $this->tag_name within the IssueTagTimelineEvent::html() function. This allows an attacker to inject HTML code and, if the Content Security Policy (CSP) settings allow it, to execute arbitrary JavaScript whenever the Timeline displays a tag that has been renamed or deleted.

Recommendations: Update to Mantis Bug Tracker 2.28.1 or later. Two workarounds are available: edit the offending History entries using SQL, or wrap $this->tag_name in a string_html_specialchars() call within the IssueTagTimelineEvent::html() function.
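The escaping gap and the recommended wrap, shown as an added stand-alone PHP illustration that is not MantisBT's own code: the class DemoIssueTagTimelineEvent, its two html_*() methods and the local string_html_specialchars() shim (standing in for MantisBT's real helper of that name) are assumptions made so the script runs without a MantisBT install.

```php
<?php
// Stand-in for MantisBT's string_html_specialchars() (core/string_api.php),
// emulated with PHP's built-in htmlspecialchars() so this runs on its own.
function string_html_specialchars( $p_string ) {
    return htmlspecialchars( $p_string, ENT_QUOTES, 'UTF-8' );
}

// Hypothetical, simplified model of IssueTagTimelineEvent: the tag name is
// taken from a History row (the only copy left once the tag is renamed or
// deleted), so it must be treated as untrusted input like any other string.
class DemoIssueTagTimelineEvent {
    private $tag_name;
    private $user_name;

    function __construct( $p_tag_name, $p_user_name ) {
        $this->tag_name  = $p_tag_name;
        $this->user_name = $p_user_name;
    }

    // Before: user name is escaped, but the history-sourced tag name is
    // concatenated into the markup unchanged.
    function html_vulnerable() {
        return '<div class="timeline-event">'
            . string_html_specialchars( $this->user_name )
            . ' added tag ' . $this->tag_name . '</div>';
    }

    // After (the workaround from the advisory): wrap $this->tag_name in
    // string_html_specialchars() so markup is rendered as literal text.
    function html_fixed() {
        return '<div class="timeline-event">'
            . string_html_specialchars( $this->user_name )
            . ' added tag ' . string_html_specialchars( $this->tag_name ) . '</div>';
    }
}

// Constructed sample history entry: a tag whose name carries markup.
$t_event = new DemoIssueTagTimelineEvent( '<b>urgent</b>', 'alice' );

$t_before = $t_event->html_vulnerable();
$t_after  = $t_event->html_fixed();

// The vulnerable output still contains a live <b> element; the fixed output
// contains only the escaped form and no raw tag from the history value.
assert( strpos( $t_before, '<b>' ) !== false );
assert( strpos( $t_after, '<b>' ) === false );
assert( strpos( $t_after, '&lt;b&gt;urgent&lt;/b&gt;' ) !== false );

echo $t_before, "\n", $t_after, "\n";
```

Run with `php -d zend.assertions=1 demo.php`; the second line printed is what a patched Timeline sends to the browser.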

Weakness Enumeration: XSS

Related Identifiers: CVE-2026-33548, GHSA-73VX-49MV-V8W5

Affected Products: Mantis Bug Tracker