[MEDIUM] MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

PKSA-gycx-g1kn-1tnd CVE-2026-40598 GHSA-6jh4-47v2-4g37

Affected package: mantisbt/mantisbt

Affected version: <=2.28.1

Reported by:
GitHub