CVE-2026-34463
Deferred Deferred - Pending Action
Stored XSS in MantisBT Issue Cloning

Publication date: 2026-05-19

Last updated on: 2026-05-19

Assigner: GitHub, Inc.

Description
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form (bug_report_page.php) prepends the source Project name before the category selector without proper escaping, allowing an attacker able to to inject HTML if they can set the Project's name (which typically requires manager or administrator access level). This issue has been resolved in version 2.28.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-19
Last Modified
2026-05-19
Generated
2026-06-10
AI Q&A
2026-05-20
EPSS Evaluated
2026-06-08
NVD
CVE-2026-34463
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
mantisbt mantis_bug_tracker to 2.28.2 (exc)
mantisbt mantis_bug_tracker 2.28.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how the Stored XSS vulnerability in Mantis Bug Tracker affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

Mantis Bug Tracker (MantisBT) versions 2.28.1 and earlier have a Stored Cross-Site Scripting (XSS) vulnerability. This occurs when cloning an issue from a different Project than the current one. The clone form (bug_report_page.php) inserts the source Project's name before the category selector without properly escaping it. If an attacker can set the Project's name (which usually requires manager or administrator access), they can inject malicious HTML code.

This vulnerability was fixed in version 2.28.2.

Impact Analysis

An attacker with sufficient privileges (manager or administrator) could exploit this vulnerability to inject malicious HTML code into the application. This could lead to Stored Cross-Site Scripting attacks, potentially allowing the attacker to execute scripts in the context of other users, steal session information, perform unauthorized actions, or compromise the integrity of the application.

Mitigation Strategies

To mitigate this vulnerability, upgrade Mantis Bug Tracker to version 2.28.2 or later, where the issue has been resolved.

Detection Guidance

This vulnerability involves a Stored Cross-Site Scripting (XSS) issue in Mantis Bug Tracker versions 2.28.1 and prior, specifically when cloning an issue from a different project. Detection involves verifying if the MantisBT instance is running a vulnerable version and checking if the project names in the clone issue form are properly escaped.

To detect this vulnerability on your system, you can:

  • Check the MantisBT version to confirm if it is 2.28.1 or earlier, which are vulnerable.
  • Attempt to clone an issue from a different project and inspect the HTML source of the clone form (bug_report_page.php) to see if the project name is properly escaped or if it contains unescaped HTML that could lead to XSS.
  • Look for suspicious HTML or script tags in the project name field in the clone issue form.

Suggested commands or steps:

  • Use curl or wget to fetch the clone issue page for an issue from a different project, for example: curl -s -b cookies.txt 'http://your-mantisbt-instance/bug_report_page.php?m_id=ISSUE_ID' | grep -i 'project name'
  • Use browser developer tools to inspect the HTML content of the clone issue form and check if the project name is escaped (e.g., special characters like <, >, & are encoded).
  • If you have administrative access, verify the project names in the database or via the UI to see if any contain HTML or script tags.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34463. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart