Description: Some vulnerabilities have been reported in Mantis, which can be exploited by malicious people to conduct cross-site scripting attacks. Some input passed in filters, "manage_user", project documents, and saved queries isn't properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Solution: The vulnerabilities have been fixed in version 1.0.0rc5. http://sourceforge.net/project/showfiles.php?group_id=14963
Sigh. in CVS
Thx. Closing without GLSA as this is unstable.