PT-2026-39883 · Mantisbt · Mantisbt
Published: 2026-05-11 · Updated: 2026-05-12 · CVE-2026-40598
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
MantisBT (affected versions not specified)
Description
Improper escaping of the redirection page, which is retrieved from the Referer header of the request, allows an attacker to inject HTML. In certain server configurations, this can lead to cache poisoning, resulting in cross-site scripting (XSS), a technique where malicious scripts are injected into otherwise trusted websites.
Recommendations
Apply the patch b1ebc57763f104eb5f541b7b4d1ce6948168abd9.
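For the weakness class in the description, the sketch below shows a Referer-derived redirect target being validated and then escaped before it reaches HTML. It is an added illustration, not MantisBT code and not the content of the referenced patch; `safe_redirect_target()`, `render_redirect_page()` and the host `tracker.example` are hypothetical, and the header value is constructed.

```php
<?php
// Added illustration: not MantisBT code and not the referenced patch.
// safe_redirect_target() and render_redirect_page() are hypothetical names.

/** Return the Referer only if it is a same-host http(s) URL, else a fixed default. */
function safe_redirect_target(?string $referer, string $ownHost, string $default = '/'): string
{
    if ($referer === null || $referer === '') {
        return $default;
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $default;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $default;
    }
    if (strcasecmp($parts['host'], $ownHost) !== 0) {
        return $default;
    }
    // A same-host URL can still carry markup characters in its path or query,
    // so validation alone is not enough: the value must be escaped on output.
    return $referer;
}

/** Build the interstitial page; every header-derived value is escaped for HTML. */
function render_redirect_page(string $target): string
{
    $escaped = htmlspecialchars($target, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Redirecting to <a href="' . $escaped . '">' . $escaped . '</a></p>';
}

// Constructed sample header value containing markup characters.
$referer = 'https://tracker.example/view.php?id=1"><b>injected</b>';
$target  = safe_redirect_target($referer, 'tracker.example');

// The response body depends on a request header, so shared caches must not store it.
if (PHP_SAPI !== 'cli') {
    header('Cache-Control: no-store');
}
echo render_redirect_page($target), PHP_EOL;
```

The sample value passes the same-host check, and it is the escaping step that turns the quote and angle brackets into inert entities in both the attribute and the link text.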
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Mantisbt