Vulnerability details: VCID-vgup-xrgt-57bd
Vulnerability ID VCID-vgup-xrgt-57bd
Aliases CVE-2026-44657
GHSA-p6fr-rxq7-xcg8
Summary MantisBT Vulnerable to Stored XSS in File Download
Using the show_inline=1 parameter and a valid file_show_inline_token CSRF token on file_download.php, an attacker can get script to run in other users' browsers by uploading a crafted XHTML attachment that references a JavaScript attachment: when the XHTML is served inline, the browser renders it as a document and executes the referenced script in the MantisBT origin. Because a valid token is required, the attacker needs an authenticated session that is allowed to upload attachments.
Impact: Cross-site scripting
Patches: 26647b2e68ba30b9d7987d4e03d7a16416684bc2
Workarounds: None
Credits: Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2026-44657
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-p6fr-rxq7-xcg8
cvssv4 7.5 https://github.com/mantisbt/mantisbt
generic_textual HIGH https://github.com/mantisbt/mantisbt
cvssv4 7.5 https://github.com/mantisbt/mantisbt/commit/26647b2e68ba30b9d7987d4e03d7a16416684bc2
generic_textual HIGH https://github.com/mantisbt/mantisbt/commit/26647b2e68ba30b9d7987d4e03d7a16416684bc2
ssvc Track https://github.com/mantisbt/mantisbt/commit/26647b2e68ba30b9d7987d4e03d7a16416684bc2
cvssv4 7.5 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
generic_textual HIGH https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
ssvc Track https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
cvssv3.1_qr HIGH https://github.com/mantisbt/mantisbt/security/advisories/GHSA-p6fr-rxq7-xcg8
cvssv4 7.5 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-p6fr-rxq7-xcg8
generic_textual HIGH https://github.com/mantisbt/mantisbt/security/advisories/GHSA-p6fr-rxq7-xcg8
ssvc Track https://github.com/mantisbt/mantisbt/security/advisories/GHSA-p6fr-rxq7-xcg8
cvssv4 7.5 https://mantisbt.org/bugs/view.php?id=37020
generic_textual HIGH https://mantisbt.org/bugs/view.php?id=37020
ssvc Track https://mantisbt.org/bugs/view.php?id=37020
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N Found at https://github.com/mantisbt/mantisbt
Decoded: Attack Vector Network; Attack Complexity Low; Attack Requirements Present; Privileges Required Low; User Interaction Passive; Vulnerable System Impact Confidentiality High, Integrity High, Availability Low; Subsequent System Impact Confidentiality None, Integrity None, Availability None.
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N Found at https://github.com/mantisbt/mantisbt/commit/26647b2e68ba30b9d7987d4e03d7a16416684bc2
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T14:49:46Z/ Found at https://github.com/mantisbt/mantisbt/commit/26647b2e68ba30b9d7987d4e03d7a16416684bc2
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T14:49:46Z/ Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-p6fr-rxq7-xcg8
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T14:49:46Z/ Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-p6fr-rxq7-xcg8
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N Found at https://mantisbt.org/bugs/view.php?id=37020
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T14:49:46Z/ Found at https://mantisbt.org/bugs/view.php?id=37020
Exploit Prediction Scoring System (EPSS)
Percentile 0.22155
EPSS Score 0.00072
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:00:51.823650+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-p6fr-rxq7-xcg8/GHSA-p6fr-rxq7-xcg8.json 38.6.0