An XSS issue was discovered in managecustomfieldeditpage.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.