CVE-2026-41897

Summary

MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field

Severity

medium

EPSS

0.3% (p20)

Also known as

GHSA-j7v9-f46r-2rp4

Published

2026-05-11

References

• https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j7v9-f46r-2rp4
• https://nvd.nist.gov/vuln/detail/CVE-2026-41897
• https://github.com/mantisbt/mantisbt/commit/c885af13f0b8596714ffe11df757c09f35fbd8f4

Related advisories

• CVE-2026-30849 — critical · Packagist/mantisbt/mantisbt
• CVE-2026-44657 — high · Packagist/mantisbt/mantisbt
• CVE-2026-44655 — high · Packagist/mantisbt/mantisbt
• CVE-2026-42071 — high · Packagist/mantisbt/mantisbt
• CVE-2026-40607 — high · Packagist/mantisbt/mantisbt
• CVE-2026-40597 — high · Packagist/mantisbt/mantisbt
• CVE-2026-40596 — high · Packagist/mantisbt/mantisbt
• CVE-2026-34463 — high · Packagist/mantisbt/mantisbt

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity