MantisBT: Stored XSS on Move Attachments Admin Page_CVE-2026-44655

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it (which typically requires manager or administrator access level) to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2.

AI Analysis

Stored XSS vulnerability in MantisBT's Move Attachments admin page due to unescaped Project Name, allowing HTML injection by attackers with manager or administrator access.

Basic Information

ID CVE-2026-44655

Source GitHub_M

Published May 28, 2026 at 20:27

Affected Product

Vendor mantisbt

Product mantisbt

Version >= 1.3.0, < 2.28.2

Affected Versions mantisbt mantisbt >= 1.3.0, < 2.28.2

CWE Classification

CWE-79

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor MantisBT Team

Product Mantis Bug Tracker (MantisBT)

Version 1.3.0 to 2.28.1

References

{
    "lastseen": "",
    "description": "Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it (which typically requires manager or administrator access level) to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2.",
    "published": "2026-05-28T20:27:02.724Z",
    "modified": "2026-05-28T20:27:02.724Z",
    "type": "cve",
    "title": "MantisBT: Stored XSS on Move Attachments Admin Page",
    "source": "GitHub_M",
    "references": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-7mqj-8gj2-cg59\nhttps://github.com/mantisbt/mantisbt/commit/5cb4b469295889f5d2b01677c9bf82c143e0fdaa",
    "id": "CVE-2026-44655",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "mantisbt mantisbt >= 1.3.0, < 2.28.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mantisbt",
    "version": ">= 1.3.0, < 2.28.2",
    "vendor": "mantisbt",
    "ai_description": "Stored XSS vulnerability in MantisBT's Move Attachments admin page due to unescaped Project Name, allowing HTML injection by attackers with manager or administrator access.",
    "ai_severity": "High",
    "ai_vendor": "MantisBT Team",
    "ai_product": "Mantis Bug Tracker (MantisBT)",
    "ai_version": "1.3.0 to 2.28.1",
    "ai_score": 8.6
}