CVE-2026-33517

Source
https://cve.org/CVERecord?id=CVE-2026-33517
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33517.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-33517
Aliases
Published
2026-03-23T19:13:15.220Z
Modified
2026-04-10T05:42:52.185432Z
Severity
  • 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation
Details

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, when a tag is deleted (tag_delete.php), the tag name is not properly escaped when it is displayed in the confirmation message, which allows an attacker to inject HTML and, if the Content Security Policy (CSP) settings permit, execute arbitrary JavaScript. Version 2.28.1 fixes the issue. Workarounds include reverting commit d6890320752ecf37bd74d11fe14fe7dc12335be9 and/or manually editing the language files to remove the sprintf placeholder %1$s from the $s_tag_delete_message string.

Database specific
{
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33517.json"
}
References

Affected packages

Git / github.com/mantisbt/mantisbt

Affected ranges

Type
GIT
Repo
https://github.com/mantisbt/mantisbt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "= 2.28.0"
        }
    ]
}

Affected versions

release-1.*
release-1.2.0a1
release-1.2.0a2
release-1.2.0a3
release-1.2.0rc1
release-1.3.0-beta.1
release-1.3.0-beta.2
release-1.3.0-beta.3
release-1.3.0-rc.1
release-1.3.0-rc.2
release-2.*
release-2.0.0
release-2.0.0-beta.1
release-2.0.0-beta.2
release-2.0.0-beta.3
release-2.0.0-rc.1
release-2.0.0-rc.2
release-2.1.0
release-2.10.0
release-2.11.0
release-2.12.0
release-2.13.0
release-2.14.0
release-2.15.0
release-2.16.0
release-2.17.0
release-2.18.0
release-2.19.0
release-2.2.0
release-2.20.0
release-2.21.0
release-2.22.0
release-2.23.0
release-2.24.0
release-2.25.0
release-2.26.0
release-2.27.0
release-2.28.0
release-2.3.0
release-2.4.0
release-2.5.0
release-2.6.0
release-2.7.0
release-2.8.0
release-2.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33517.json"