{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40607", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-14T14:07:59.642Z", "datePublished": "2026-05-22T19:39:13.817Z", "dateUpdated": "2026-05-26T18:51:17.022Z"}, "containers": {"cna": {"title": "MantisBT is Vulnerable to Stored XSS Through its Saved-Filter Owner Column", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-f633-865q-2mhh", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-f633-865q-2mhh"}, {"name": "https://github.com/mantisbt/mantisbt/commit/44f490bcf20fd491c1b8f3fc9dd041d8c2a30010", "tags": ["x_refsource_MISC"], "url": "https://github.com/mantisbt/mantisbt/commit/44f490bcf20fd491c1b8f3fc9dd041d8c2a30010"}, {"name": "https://mantisbt.org/bugs/view.php?id=37015", "tags": ["x_refsource_MISC"], "url": "https://mantisbt.org/bugs/view.php?id=37015"}], "affected": [{"vendor": "mantisbt", "product": "mantisbt", "versions": [{"version": ">= 2.1.0, < 2.28.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-05-22T19:39:13.817Z"}, "descriptions": [{"lang": "en", "value": "Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $g_show_user_realname = ON. Note that By default, only users with Manager access level or above can save their filters publicly. This issue has been fixed in version 2.28.2. If developers are unable to update immediately, they can work around this issue by preventing display of users' real names (set $g_ show_user_realname = OFF; in configuration), and restricting the ability to store filters (set $g_stored_query_create_threshold / $g_stored_query_create_shared_threshold to NOBODY)."}], "source": {"advisory": "GHSA-f633-865q-2mhh", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-26T18:51:03.130533Z", "id": "CVE-2026-40607", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-26T18:51:17.022Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40607", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-26T18:51:03.130533Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-26T18:51:11.300Z"}}], "cna": {"title": "MantisBT is Vulnerable to Stored XSS Through its Saved-Filter Owner Column", "source": {"advisory": "GHSA-f633-865q-2mhh", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "mantisbt", "product": "mantisbt", "versions": [{"status": "affected", "version": ">= 2.1.0, < 2.28.2"}]}], "references": [{"url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-f633-865q-2mhh", "name": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-f633-865q-2mhh", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/mantisbt/mantisbt/commit/44f490bcf20fd491c1b8f3fc9dd041d8c2a30010", "name": "https://github.com/mantisbt/mantisbt/commit/44f490bcf20fd491c1b8f3fc9dd041d8c2a30010", "tags": ["x_refsource_MISC"]}, {"url": "https://mantisbt.org/bugs/view.php?id=37015", "name": "https://mantisbt.org/bugs/view.php?id=37015", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $g_show_user_realname = ON. Note that By default, only users with Manager access level or above can save their filters publicly. This issue has been fixed in version 2.28.2. If developers are unable to update immediately, they can work around this issue by preventing display of users' real names (set $g_ show_user_realname = OFF; in configuration), and restricting the ability to store filters (set $g_stored_query_create_threshold / $g_stored_query_create_shared_threshold to NOBODY)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-05-22T19:39:13.817Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40607", "state": "PUBLISHED", "dateUpdated": "2026-05-26T18:51:17.022Z", "dateReserved": "2026-04-14T14:07:59.642Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-05-22T19:39:13.817Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"product": "mantisbt", "vendor": "mantisbt", "versions": [{"status": "affected", "version": ">= 2.1.0, < 2.28.2"}]}], "source": "security-advisories@github.com"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $g_show_user_realname = ON. Note that By default, only users with Manager access level or above can save their filters publicly. This issue has been fixed in version 2.28.2. If developers are unable to update immediately, they can work around this issue by preventing display of users' real names (set $g_ show_user_realname = OFF; in configuration), and restricting the ability to store filters (set $g_stored_query_create_threshold / $g_stored_query_create_shared_threshold to NOBODY)."}], "id": "CVE-2026-40607", "lastModified": "2026-06-17T10:45:31.663", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-40607", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "role": "CISA Coordinator", "timestamp": "2026-05-26T18:51:03.130533Z", "version": "2.0.3"}}]}, "published": "2026-05-22T20:16:34.627", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/mantisbt/mantisbt/commit/44f490bcf20fd491c1b8f3fc9dd041d8c2a30010"}, {"source": "security-advisories@github.com", "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-f633-865q-2mhh"}, {"source": "security-advisories@github.com", "url": "https://mantisbt.org/bugs/view.php?id=37015"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.1.0,2.28.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "mantisbt", "source": "cna", "vendor": "mantisbt"}, "product": "mantisbt", "vendor": "mantisbt"}], "created": "2026-05-22T21:30:15.768295+00:00", "updated": "2026-05-22T21:30:16.058997+00:00", "vendors": ["mantisbt", "mantisbt$PRODUCT$mantisbt"]}