Tag
A stored HTML injection vulnerability (CVE-2026-33548) exists in MantisBT version 2.28.0, allowing attackers to inject HTML and execute arbitrary JavaScript by manipulating tag names displayed in the timeline due to improper escaping.