Mantis 2.11.1 Cross Site Scripting

Summary

MantisBT is a web-based open source defect tracking system developed by the MantisBT team. The system provides project management and defect tracking service in the form of Web operation.

Mantis 2.11.1 has cross-site scripting vulnerabilities. Attackers can exploit this vulnerability to achieve cross-site attacks.

Solution

At present, the vendor has released the patches to repair loopholes, patch for a link: https://www.mantisbt.org/