[MEDIUM] MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field

PKSA-p4dp-frh9-2khv CVE-2026-41897 GHSA-j7v9-f46r-2rp4

Affected package: mantisbt/mantisbt

Affected version: >=1.0.0,<2.28.2

Reported by:
GitHub