[HIGH] MantisBT has Stored HTML Injection/XSS when displaying Tags in Timeline

PKSA-snjj-r5pw-fbgn CVE-2026-33548 GHSA-73vx-49mv-v8w5

Affected package: mantisbt/mantisbt

Affected version: =2.28.0

Reported by:
GitHub