Description: Improper escaping of tag names retrieved from History in Timeline (my_view_page.php) allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has been renamed or deleted.

Vulnerability type: Cross-site scripting (XSS).

Fix commit: f32787c14d4518476fe7f05f992dbfe6eaccd815

Fix: The fix wraps $this->tag_name in a string_html_specialchars() call in IssueTagTimelineEvent::html().

Credits: MantisBT thanks Vishal Shukla for discovering and responsibly reporting the issue.

Product version: 2.28.0
Fixed in version: 2.28.2

CVSS 4.0 score: 8.6 (vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
Exploitability: AV:N, AC:L, AT:N, PR:L, UI:P
Vulnerable System: VC:H, VI:H, VA:H
Subsequent System: SC:N, SI:N, SA:N
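The following PHP snippet illustrates the pattern behind this fix. It is an added example, not MantisBT's code: the TagTimelineEvent class, its methods and the escape_html() helper are hypothetical stand-ins (escape_html() plays the role of MantisBT's string_html_specialchars()), and the tag name is a constructed sample. It shows the vulnerable pattern, where a stored tag name is concatenated straight into timeline markup, beside the corrected pattern, where the name is escaped at the output boundary so the browser renders it as text.

```php
<?php
// Added illustration, not MantisBT code. Class, method and helper names are
// hypothetical; only the idea (escape a stored tag name before embedding it in
// timeline HTML) mirrors the fix described in the advisory.

// Stand-in for MantisBT's string_html_specialchars(): escape a string so it is
// safe inside HTML text and double-quoted attribute contexts.
function escape_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

class TagTimelineEvent {
    public function __construct(
        private string $tag_name,   // name as stored in History (attacker-influenced if tags can be renamed)
        private string $action      // e.g. "renamed" or "deleted"
    ) {}

    // Vulnerable pattern: the tag name is emitted verbatim, so any markup it
    // contains becomes part of the page instead of being shown as text.
    public function html_unescaped(): string {
        return '<div class="timeline-event">Tag "' . $this->tag_name . '" '
            . $this->action . '</div>';
    }

    // Corrected pattern: every untrusted value is escaped at the point where it
    // is written into HTML, matching what the fix does for $this->tag_name.
    public function html(): string {
        return '<div class="timeline-event">Tag "' . escape_html($this->tag_name) . '" '
            . escape_html($this->action) . '</div>';
    }
}

// Constructed sample: a tag that was renamed to a string containing markup.
$event = new TagTimelineEvent('<b onmouseover="alert(1)">release</b>', 'renamed');

echo $event->html_unescaped(), "\n"; // the <b ...> element is emitted as live HTML
echo $event->html(), "\n";           // the same name is emitted as escaped text
```

Run with `php example.php` to compare the two outputs. The defensive point is where the escaping happens: in the method that produces HTML, not at storage time, so a value that was written into History before the fix is still rendered safely afterwards.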