CVE-2026-44655
Severity CVSS v4.0:
HIGH
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
28/05/2026
Last modified:
29/05/2026
Description
Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it (which typically requires manager or administrator access level) to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2.
Impact
Base Score 4.0
8.60
Severity 4.0
HIGH



