[MEDIUM] MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values

PKSA-vqsr-dxg3-8yzy CVE-2026-39960 GHSA-qj6w-v29q-4rgx

Affected package: mantisbt/mantisbt

Affected version: <=2.28.1

Reported by:
GitHub