GHSA-6jh4-47v2-4g37

Source
https://github.com/advisories/GHSA-6jh4-47v2-4g37
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-6jh4-47v2-4g37/GHSA-6jh4-47v2-4g37.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-6jh4-47v2-4g37
Aliases
  • CVE-2026-40598
Published
2026-05-11T19:35:01Z
Modified
2026-05-11T19:49:01.157543Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page
Details

Improper escaping of the redirection target (taken from the request's Referer header) when it is written into the redirection page allows an attacker to inject HTML.

This is generally not directly exploitable, because modern browsers percent-encode special characters before sending the Referer header; a non-browser client can, however, send the raw bytes, and on some specific server configurations the injected HTML could poison a cache, leading to cross-site scripting.
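The following PHP is an added illustration of the pattern the advisory describes, not MantisBT's code and not the contents of fix commit b1ebc57763f104eb5f541b7b4d1ce6948168abd9. It places an unescaped Referer-driven redirection page beside a hardened version that restricts the target to a same-origin http(s) URL and HTML-escapes it on output. The function names, the `$site_url` value, the fallback page and the sample Referer are all assumptions constructed for the demo; the crafted Referer is what a raw HTTP client such as curl or a proxy can send, whereas a browser would have percent-encoded the quote and angle brackets.

```php
<?php
// Added illustrative example (not MantisBT's code, not the patch in commit
// b1ebc57763f104eb5f541b7b4d1ce6948168abd9). Function names, $site_url, the
// fallback page and the sample Referer below are assumptions for this demo.

declare(strict_types=1);

// Vulnerable pattern: the redirect target taken from the Referer header is
// written straight into the HTML of the "redirecting..." page.
function render_redirect_vulnerable(string $referer): string
{
    return '<meta http-equiv="refresh" content="0;url=' . $referer . '">'
         . '<p>Redirecting to <a href="' . $referer . '">' . $referer . '</a></p>';
}

// Hardened pattern, step 1: only accept an http(s) Referer on the same host
// and port as the site itself; otherwise fall back to a fixed page. Rebuilding
// the URL from parsed components also drops userinfo and fragment.
function safe_redirect_target(?string $referer, string $site_url, string $default): string
{
    if ($referer === null || $referer === '') {
        return $default;
    }
    $parts = parse_url($referer);
    $site  = parse_url($site_url);
    if ($parts === false || $site === false
        || !isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        || strtolower($parts['host']) !== strtolower($site['host'] ?? '')
        || ($parts['port'] ?? null) !== ($site['port'] ?? null)) {
        return $default;
    }
    $target = $parts['scheme'] . '://' . $parts['host'];
    if (isset($parts['port'])) {
        $target .= ':' . $parts['port'];
    }
    $target .= $parts['path'] ?? '/';
    if (isset($parts['query'])) {
        $target .= '?' . $parts['query'];
    }
    return $target;
}

// Hardened pattern, step 2: HTML-escape the value at the point of output.
// This is the step that actually closes the injection; the origin check
// above only limits where the page can send the user.
function render_redirect_hardened(?string $referer, string $site_url, string $default): string
{
    $target = safe_redirect_target($referer, $site_url, $default);
    $esc = htmlspecialchars($target, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<meta http-equiv="refresh" content="0;url=' . $esc . '">'
         . '<p>Redirecting to <a href="' . $esc . '">' . $esc . '</a></p>';
}

// Demo with a constructed raw Referer. A browser would send
// ...view.php?id=1%22%3E%3Cscript%3E...; a raw client sends the bytes as-is.
$site_url    = 'https://tracker.example/mantis/';
$default     = $site_url . 'my_view_page.php';
$raw_referer = 'https://tracker.example/mantis/view.php?id=1"><script>alert(1)</script>';

echo "Vulnerable:\n", render_redirect_vulnerable($raw_referer), "\n\n";
echo "Hardened:\n", render_redirect_hardened($raw_referer, $site_url, $default), "\n";
```

Run with `php example.php`: the vulnerable output contains a live `<script>` element, while the hardened output renders the same Referer as `&quot;&gt;&lt;script&gt;...`, inert inside both the attribute and the link text. The same-origin check is a separate control against open redirection; keep both, because a Referer that passes the origin check (as the constructed one does) still needs escaping.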

Impact

Cross-site scripting (XSS).

Patches

  • b1ebc57763f104eb5f541b7b4d1ce6948168abd9

Workarounds

None

Credits

Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-11T19:35:01Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "nvd_published_at": null
}
References

Affected packages

Packagist / mantisbt/mantisbt

Package

Name
mantisbt/mantisbt
Purl
pkg:composer/mantisbt/mantisbt

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.28.2

Affected versions

2.*
2.3.0
2.3.1
2.3.2
2.3.3
2.4.0
2.4.1
2.4.2
2.5.0
2.5.1
2.5.2
2.6.0
2.7.0
2.7.1
2.8.0
2.8.1
2.9.0
2.9.1
2.10.0
2.10.1
2.11.0
2.11.1
2.12.0
2.12.1
2.12.2
2.13.0
2.13.1
2.13.2
2.14.0
2.15.0
2.15.1
2.16.0
2.16.1
2.17.0
2.17.1
2.17.2
2.18.0
2.18.1
2.19.0
2.19.1
2.20.0
2.20.1
2.21.0
2.21.1
2.21.2
2.21.3
2.22.0
2.22.1
2.22.2
2.23.0
2.23.1
2.24.0
2.24.1
2.24.2
2.24.3
2.24.4
2.24.5
2.25.0
2.25.1
2.25.2
2.25.3
2.25.4
2.25.5
2.25.6
2.25.7
2.25.8
2.26.0
2.26.1
2.26.2
2.26.3
2.26.4
2.27.0
2.27.1
2.27.2
2.27.3
2.28.0
2.28.1

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-6jh4-47v2-4g37/GHSA-6jh4-47v2-4g37.json"
last_known_affected_version_range
"<= 2.28.1"