CVE-2026-40598

UNKNOWN 0.0

MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.28.1 and below, improper escaping of the redirection page (retrieved from the request's Referer header) allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leading to cross-site scripting. This issue has been fixed in version 2.28.2.

CWE	CWE-79
Vendor	mantisbt
Product	mantisbt
Published	May 22, 2026
Last Updated	May 23, 2026

Stay Ahead of the Next One

Get instant alerts for mantisbt mantisbt

Be the first to know when new unknown vulnerabilities affecting mantisbt mantisbt are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

mantisbt / mantisbt

< 2.28.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/mantisbt/mantisbt/security/advisories/GHSA-6jh4-47v2-4g37 github.com: https://github.com/mantisbt/mantisbt/commit/b1ebc57763f104eb5f541b7b4d1ce6948168abd9 mantisbt.org: https://mantisbt.org/bugs/view.php?id=37017