A vulnerability has been found in mantisbt Mantis Bug Tracker up to 2.28.1 and classified as problematic . Affected by this vulnerability is an unknown functionality of the file bug_update_page.php of the component Update Issue Page . This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2026-39960 . It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.