CVE-2026-39960 | mantisbt Mantis Bug Tracker up to 2.28.1 Update Issue Page bug_update_page.php cross site scripting

Inserito da Angelo Barbosa | Mag 20, 2026 | CVE

A vulnerability has been found in mantisbt Mantis Bug Tracker up to 2.28.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file bug_update_page.php of the component Update Issue Page. This manipulation causes cross site scripting.

The identification of this vulnerability is CVE-2026-39960. It is possible to initiate the attack remotely. There is no exploit available.

The affected component should be upgraded.

CVE-2026-39960 | mantisbt Mantis Bug Tracker up to 2.28.1 Update Issue Page bug_update_page.php cross site scripting

Post correlati

CVE-2024-4362 | SiteOrigin Widgets Bundle Plugin up to 1.60.0 on WordPress Shortcode siteorigin_widget cross site scripting

CVE-2024-42218 | 1Password up to 8.10.36 on macOS information disclosure

CVE-2024-7400 | ESET NOD32 Antivirus up to 1250 on Windows insecure operation on windows junction / mount point

CVE-2024-0181 | RRJ Nueva Ecija Engineer Online Portal 1.0 Admin Panel /admin/admin_user.php Firstname/Lastname/Username cross site scripting