Tag
MantisBT is vulnerable to stored cross-site scripting (XSS) via file_download.php by using the `show_inline=1` parameter with a valid CSRF token to upload a crafted XHTML attachment referencing a JavaScript attachment, leading to arbitrary code execution.