PKSA-gt1y-4mwq-1fky Security Advisory
[HIGH] MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference
PKSA-gt1y-4mwq-1fky CVE-2026-40596 GHSA-j3v9-553h-x28j
Affected package: mantisbt/mantisbt
Affected version: >=2.11.0,<=2.28.1
Reported by: GitHub