Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-tmey-9ntn-xkf9
Vulnerability ID VCID-tmey-9ntn-xkf9
Aliases CVE-2026-40596
GHSA-j3v9-553h-x28j
Summary MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference Any authenticated user can inject arbitrary HTML via updating their account's font family. ### Impact Cross-site scripting. The injected payload will be reflected in every MantisBT page. Leveraging another vulnerability (CSP bypass, see [GHSA-9c3j-xm6v-j7j3](https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3)), the attacker could achieve account takeover. ### Patches - 9e8409cdd979eba86ef532756fc47c1d8112d22d ### Workarounds None ### Credits Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2026-40596
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2026-40596
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2026-40596
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-j3v9-553h-x28j
cvssv4 7.2 https://github.com/mantisbt/mantisbt
generic_textual HIGH https://github.com/mantisbt/mantisbt
cvssv4 7.2 https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
generic_textual HIGH https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
ssvc Track https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
cvssv4 7.2 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
generic_textual HIGH https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
ssvc Track https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
cvssv3.1_qr HIGH https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
cvssv4 7.2 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
generic_textual HIGH https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
ssvc Track https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
cvssv4 7.2 https://mantisbt.org/bugs/view.php?id=37011
generic_textual HIGH https://mantisbt.org/bugs/view.php?id=37011
ssvc Track https://mantisbt.org/bugs/view.php?id=37011
cvssv4 7.2 https://mantisbt.org/bugs/view.php?id=37016
generic_textual HIGH https://mantisbt.org/bugs/view.php?id=37016
ssvc Track https://mantisbt.org/bugs/view.php?id=37016
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2026-40596
https://github.com/mantisbt/mantisbt
https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
https://mantisbt.org/bugs/view.php?id=37011
https://mantisbt.org/bugs/view.php?id=37016
GHSA-j3v9-553h-x28j https://github.com/advisories/GHSA-j3v9-553h-x28j
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://github.com/mantisbt/mantisbt
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/ Found at https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/ Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/ Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://mantisbt.org/bugs/view.php?id=37011
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/ Found at https://mantisbt.org/bugs/view.php?id=37011
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://mantisbt.org/bugs/view.php?id=37016
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/ Found at https://mantisbt.org/bugs/view.php?id=37016
Exploit Prediction Scoring System (EPSS)
Percentile 0.179
EPSS Score 0.00056
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:04:14.276746+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-j3v9-553h-x28j/GHSA-j3v9-553h-x28j.json 38.6.0