CVE-2026-44657: MantisBT Vulnerable to Stored XSS in File Download
(updated )
Using show_inline=1 parameter and a valid file_show_inline_token CSRF token on file_download.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment.
References
- github.com/advisories/GHSA-p6fr-rxq7-xcg8
- github.com/mantisbt/mantisbt/commit/26647b2e68ba30b9d7987d4e03d7a16416684bc2
- github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
- github.com/mantisbt/mantisbt/security/advisories/GHSA-p6fr-rxq7-xcg8
- mantisbt.org/bugs/view.php?id=37020
- nvd.nist.gov/vuln/detail/CVE-2026-44657
Code Behaviors & Features
Detect and mitigate CVE-2026-44657 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →