MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline (my_view_page.php) allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has been renamed or deleted. Version 2.28.1 contains a patch. Workarounds include editing offending History entries (using SQL) and wrapping `$this->tag_name` in a string_html_specialchars() call in IssueTagTimelineEvent::html().

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Mantis Bug Tracker 跨站脚本漏洞

Mantis Bug Tracker（MantisBT）是Mantis Bug Tracker开源的一个 bug 跟踪器。 Mantis Bug Tracker 2.28.0版本存在跨站脚本漏洞，该漏洞源于时间线中标签名称转义不当，可能导致跨站脚本攻击。

N/A

N/A