Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
Debian Security Advisory 1133-1 - Several remote vulnerabilities have been discovered in the Mantis bug tracking system, which may lead to the execution of arbitrary web scripts.