[HIGH] MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation

PKSA-dcyg-8m67-cs7k CVE-2026-33517 GHSA-fh48-f69w-7vmp

Affected package: mantisbt/mantisbt

Affected version: =2.28.0

Reported by:
GitHub