Mantis 2.11.1 Cross Site Scripting


MantisBT is a web-based open source defect tracking system developed by the MantisBT team. The system provides project management and defect tracking service in the form of Web operation.

Mantis 2.11.1 has cross-site scripting vulnerabilities. Attackers can exploit this vulnerability to achieve cross-site attacks.


At present, the vendor has released the patches to repair loopholes, patch for a link: